Privacy Compliance Blog

The latest privacy compliance news, issues, resources and expert advice to save you time and mitigate risk

General Data Protection Regulation (GDPR)

Brexit and Data Protection: What Happens in Case of a Deal?

By: Paul Breitbarth

Earlier today, the European Union and the United Kingdom reached agreement on a revised customs plan for Brexit.

Managing Data Breaches, Best Practices for an Accountability Approach

By: Paul Breitbarth

The CCPA, EU’s GDPR, Canada’s PIPEDA, Brazil’s General Data Protection Law, and Australia’s notifiable data breach scheme are just a few examples of international data breach notification laws that have come into play in recent years.

CCPA, Nevada and the Ever-Changing US Landscape

By: Rene Mendizabal

When we did our last update on the status of US privacy legislation just a few weeks ago, there were 15 States with consumer privacy laws passed and/or bills on the table, including California (CCPA) and the most recent, Nevada (Act Relating to Internet Privacy).

GDPR to CCPA and beyond: Overcoming Challenges to Timely Privacy Compliance

By: Teresa Troester-Falk

Would you find it surprising that almost half of privacy officers consider building a privacy program as their top priority? Perhaps one would expect that privacy programs would have been built in the run-up to the GDPR (May 25, 2018).

New Report: Taking the Pulse of the Privacy Office

By: Nymity

There has been no rest for privacy professionals coming out of last year’s GDPR compliance activities. With California (CCPA) and other jurisdictions bringing in new and/or amended privacy legislation, putting increasing demands on the privacy office, it isn’t surprising that privacy professionals are feeling anxious.

Reporting to the Board on Privacy: Practical Advice from a Chief Privacy Officer

By: Nymity

Corporate directors and senior leaders take on a broad range of responsibilities when they join a company’s board. Privacy is increasingly becoming one of the issues board members are focusing on as part of their compliance and oversight obligations.

Are the CCPA and US state privacy laws causing anxiety? Move from “wait and see” to “take control” of your compliance

By: Rene Mendizabal

New privacy bills, amended bills, bills not making it out of committee, bills in debate in State Houses and Senates. The privacy regulatory environment in the US is changing on an almost daily basis.

Happy Birthday GDPR. At one year on, what have we learned?

By: Paul Breitbarth

Happy Birthday GDPR! It’s been one year since the European Union’s General Data Protection Regulation (GDPR) came into effect (May 25, 2018). What have we learned over this past year?

Recap: 2019 IAPP Global Privacy Summit

By: Nymity

Last week, the Nymity team headed to beautiful Washington, DC as a platinum sponsor of the IAPP 2019 Global Privacy Summit.

Nymity Launches Next Generation Solutions Enabling Organizations To Minimize Time To Compliance

By: Nymity

Nymity, Inc. announced the availability of its next generation of solutions built on Nymity’s integrated, research-driven, expert privacy platform, enabling organizations to minimize time to compliance with US, European and global privacy legislation.

GDPR, CCPA, LGPD, and more: Staying afloat in the sea of global privacy regulations

By: Teresa Troester-Falk

A version of this post originally appeared in CPO Magazine. The global privacy legislation landscape continues to be a complex sea to navigate. To date we have seen 117 omnibus laws (GDPR) and another 28 sectoral laws (CCPA) come into play.

Research: The Key Ingredient to a Successful Privacy Program

By: Nymity

Your organization worked hard to complete compliance activities for the GDPR leading up to the May 25, 2018 deadline.

CCPA: Getting Past Stuck and Getting Started with Consumer Rights Requests

By: Teresa Troester-Falk

On the heels of the GDPR, The California Consumer Privacy Act (CCPA) is set to be one of the toughest privacy laws enacted in the US.

Reporting Data Privacy Obligations to Your Board

By: Nymity

We get a lot of requests on how to report on data privacy obligations, especially as they gain more visibility with boards.

What’s in store for Privacy in 2019? – GDPR Enforcement, CCPA, LGPD & More

By: Paul Breitbarth

The rising wave in privacy regulations prompted by the GDPR is set to begin a new chapter on how personal data is handled.

OUR HIGHLIGHTS OF 2018

By: Teresa Troester-Falk

I don’t think any of us will soon forget May 25th, 2018. The EU GDPR was the first law with global repercussions, and it required extensive organizational changes.

Tracking The GDPR: How to Keep Up with National Law Developments, Q4 2018

By: Paul Breitbarth

To assist organisations in their ongoing compliance with the GDPR, we held the third in our series of webinars on keeping up with national law developments.

Data Retention Policies Demystified

By: Paul Breitbarth

At Nymity, we often get questions regarding the retention of personal data under various laws.

Making the Transition from Project to Program: How HID Global Complies with Multiple Privacy Laws

By: Jennie Hargrove

For multi-jurisdictional organisations, complying with the GDPR and other applicable laws, such as the upcoming CCPA, may seem daunting, but there is no time to waste.

Brexit – What Does the Future Hold for UK/EU Data Flows and Regulatory Cooperation?

By: David Smith

The UK is set to leave the EU on 29 March next year. In the current minefield of UK and EU politics, nothing is absolutely certain, but it would take a minor miracle for this date to change.

How to Acquire Budget for Your Privacy Program

By: Ray Pathak

One of the most common questions we are asked is, “How do I make a business case to acquire budget for my privacy program?”

The State of Play on GDPR Certifications

By: Paul Breitbarth

Last month we attended the IAPP’s Privacy Security Risk Conference in Austin, Texas. With the GDPR and upcoming CCPA, the conference seemed to focus more heavily on privacy than security.

From Privacy Project to Privacy Program: Learn How GM, Coca-Cola European Partners and Otter Products Leverage GDPR Initiatives to Comply with the CCPA and More

By: Teresa Troester-Falk

To comply with obligations under the GDPR (and the 700+ other global privacy laws), it is best to take an accountability approach.

Tracking The GDPR: How to Keep Up with National Law Developments 2018, Q3 2018

By: Paul Breitbarth

To assist organisations in their ongoing GDPR compliance journey, we held the second in our series of webinars on tracking the GDPR and how to keep up with national law developments.

Demonstrating Compliance with Multiple Laws, from GDPR to CCPA

By: Teresa Troester-Falk

The dust has barely settled on GDPR preparation, and another big law is coming down the pipeline that will affect organisations established in the state of California or doing business there.

Part 2: How to Take an Accountability Approach to Compliance with Multiple Laws (GDPR, CCPA and 700 more!)

By: Teresa Troester-Falk

Some organisations have been treating the GDPR as if it were a one time project with an end date of May 25th.

Part 1: How to Take an Accountability Approach to Compliance with Multiple Laws (GDPR, CCPA and 700 more!)

By: Teresa Troester-Falk

With the advent of the GDPR and the overwhelming attention it received, the layperson may have assumed it was the first privacy law ever to be passed.

It’s Not Too Late for GDPR Compliance, and There are Tools to Help

By: Ray Pathak

As the EU GDPR was coming into effect this year, there was much speculation as to how many companies were going to be prepared and compliant on May 25th.

Applying “Legitimate Interests” in Practice under the GDPR

By: Teresa Troester-Falk

In previous blogs, we have discussed the legitimate interests as a lawful ground for processing data under the GDPR.

Are You Ready to Report on GDPR Compliance? Part 2: Project Level Reporting

By: Nymity

Accountability is the cornerstone of Regulatory Ready reporting, and it means effectively operationalising the use of appropriate technical and organisational measures to allow for reporting at the enterprise and project level.

Are You Ready to Report on GDPR Compliance? Part 1: Enterprise Level Reporting

By: Nymity

Organisations had two years to prepare for GDPR compliance in the run-up to May 25, 2018. Now that the GDPR is in force, what will Regulators want to see? The question is no longer theoretical.

Are You Ready to Report on GDPR Compliance? Learn About Regulator Ready Reporting

By: Nymity

Do you understand the minimum documentation requirements that a regulator will want to see if/when they come knocking on your door?

Demonstrating Compliance with both GDPR and CCPA

By: Paul Breitbarth

With the dust of the entry into application of the GDPR hardly settled, the data protection community is shaping up to deal with the next challenge: the California Consumer Privacy Act.

GDPR Breach Notification Is Here: What Now?

By: Paul Breitbarth

After years of anticipation, preparation, and countless hours of interpretation, the GDPR went into effect on May 25, 2018 and changed the data protection landscape for companies all around the world.

Large Scale Data Processing

By: Paul Breitbarth

As most people will have realised by now, the General Data Protection Regulation (GDPR) takes a risk-based approach.

TRACKING THE GDPR: How to Keep Up with National Law Developments

By: Nymity

Almost three weeks have passed since the GDPR became applicable on May 25th. The days leading up to this date—and following it—have been a bit stressful for some organisations.

Run-up to May 25: The most downloaded resources from Nymity Templates™

By: Meaghan McCluskey

The GDPR is now officially enforceable, following the implementation date of May 25, 2018.

The GDPR and Technological Innovation – Interparliamentary Committee Meeting, EU Parliament

By: Nymity

In just over a week, the GDPR will finally be in full force. The deadline was a good reason for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs to host a joint session with representatives of the national parliaments of the EU Member States.

Processing Personal Data Under the GDPR Part 4: Lawful Use of “Legitimate Interests”

By: Teresa Troester-Falk

While the “legitimate interests” ground for processing can be lawfully applied in many cases, the processing must be subjected to a balancing test which involves looking at the nature and source of the legitimate interests on the one hand and the impact on the rights of the data subjects on the other hand.

Processing Personal Data Under the GDPR Part 3: Lawful Use of “Legitimate Interests”

By: Teresa Troester-Falk

As is the case with any number of principles within the data privacy sector, the concept of “legitimate interests” is not a black-and-white matter.

Processing Personal Data Under the GDPR Part 2: DPA Issued Guidance and Legitimate Interests in CJEU Case Law

By: Teresa Troester-Falk

The “legitimate interest” grounds for lawful processing is less a cut-and-dried approach.

Processing Personal Data Under the GDPR Part 1: Overview and Background

By: Nymity

Organizations processing data have long relied on “legitimate interest” as a lawful ground for processing.

Accountability and Demonstrating Compliance Under the GDPR: Two Case Studies

By: Nymity

The accountability principle in Article 5 of the GDPR requires organisations to demonstrate compliance with all principles of the legislation.

A Practical Guide to Demonstrating Compliance Part 3: Common Approaches to Prioritising Compliance Tasks

By: Nymity

The demonstration of compliance with a regulation like the GDPR is, by nature, an ongoing process that must be tailored to the unique functions of each organisation.

Nymity at the Global Privacy Summit 2018

By: Nymity

As a proud platinum sponsor of this year’s Global Privacy Summit in Washington, D.C., the Nymity team was on the ground, actively interacting with attendees at our booth, as well as speaking as subject matter experts throughout the course of the event.

A Practical Guide to Demonstrating Compliance Part 2: Prioritising Accountability Obligations in Two Steps

By: Nymity

The General Data Protection Regulation (GDPR) integrates accountability as a principle in Article 5(2) which requires organisations to demonstrate compliance with the principles of the GDPR.

A Practical Guide to Demonstrating Compliance Part 1: Understanding Key Privacy Management Concepts

By: Nymity

The concept of “accountability” has emerged as a dominant theme in global privacy and data protection law, policy, and organizational practices and is considered fundamental to privacy management.

How to Choose the Right Privacy Software Vendor

By: Nymity

While privacy management software is an invaluable tool for the privacy office, procuring the right solution from the right vendor can be a time-consuming process.

GDPR Article 30: Are you ready for the new records of processing activities requirements?

By: Nymity

One of the main tenets of the GDPR is accountability: the obligation that companies be responsible for the data they process and be able to demonstrate compliance.

GDPR Compliance: Only Four Months to Go. How Will You Prioritize Your Efforts?

By: Nymity

By examining our most popular references on Nymity Research™, the status of GDPR compliance using Nymity Benchmarks™ and the most downloaded GDPR resources in Nymity Templates™, we are able to gain a birds-eye view of the issues that are currently top of mind for organisations facing GDPR implementation.

2018 Privacy Compliance Software Buyer’s Guide, Part 3: Privacy Management Software

By: Nymity

For many organisations, privacy compliance software has become an invaluable tool in crafting effective privacy programs that span multiple privacy laws and multiple regulators.

2018 Privacy Compliance Software Buyer’s Guide, Part 2: Privacy Office Support Software

By: Nymity

In many ways, complying with privacy laws is very straight-forward. Your organisation must: Understand your legal obligations; Build a privacy program made up of policies, procedures, and other relevant accountability mechanisms; and When there is sufficient volume and complexity, implement automated privacy management software.

2018 Privacy Compliance Software Buyer’s Guide, Part 1: Legal Research Software

By: Nymity

Privacy Compliance Software is a key tool for organisations with operations across multiple jurisdictions, extensive privacy programs, or complex, high volume privacy management activities.

Nymity Featured in Business Reporter

By: Nymity

2018 is officially underway, and for many organisations across the globe, GDPR compliance is being prioritized in anticipation of the May enforcement date.

Nymity Data Privacy Accountability Scorecard™

By: Nymity

Accountability was first established as a privacy principle in 1980, when the Organisation for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Data Flow made organisations responsible for upholding the principles of the guidelines.

Top 10 Tips from the Nymity GDPR Compliance Webinar Series: Part 2

By: Nymity

As we approach the 2018 enforcement date of the GDPR, organisations are swiftly progressing in their compliance preparations.

Top 10 Tips from the Nymity GDPR Compliance Webinar Series: Part 1

By: Nymity

Nymity’s GDPR Compliance webinar series has drawn to a close as we reach the end of 2017.

GDPR and Vendor Management

By: Nymity

Many organisations are currently struggling with vendor management under the GDPR. One thing is clear: A more detailed and continued scrutiny of your vendors is now required from a data protection perspective.

Top 5 Most-Downloaded Privacy Management Resources

By: Nymity

As organisations continue their GDPR readiness, it can be helpful to gain an understanding of the technical and organisational measures that are currently undergoing development within other organisations.

Data Breach Response: Latest News from the European Union

By: Nymity

Throughout the EU, member states are producing and updating their individual data security policies to align with the GDPR. One of the most important facets of any data privacy infrastructure is the breach response policy.

Beyond the GDPR: Current News in Regional Legislation

By: Nymity

If your organisation is preparing to address GDPR compliance, you will also need to remain informed about the supporting legislation being developed separately in different countries across the EU.

Nymity’s GDPR Compliance Toolkit: A Two-Part Series - Part 2: Getting Down to Details

By: Nymity

Addressing GDPR Readiness is a topic that’s front of mind for many organisations as 2017 winds down.

Nymity’s GDPR Compliance Toolkit: A Two-Part Series - Part 1: Are you ready for GDPR compliance?

By: Nymity

Accountability is a key concept under the GDPR. An accountable organisation is one that is equipped to show how requirements are being met.

Certifying Your Privacy Program: Why and How?

By: Nymity

What does it mean to “certify” under the GDPR? The certification of products, services, and privacy programs under the GDPR is detailed in Articles 42 and 43.

39th International Conference of Data Protection and Privacy Commissioners: Part 2 of a 2-Part Series

By: Nymity

In Part 1 of this blog series, we detailed the four main themes of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) that took place recently in Hong Kong.

39th International Conference of Data Protection and Privacy Commissioners: Part 1 of a 2-Part Series

By: Nymity

The Nymity team recently had the pleasure of attending the 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Hong Kong.

Leverage Your GDPR Compliance Efforts to Support BCRs

By: Nymity

Binding Corporate Rules (BCRs) have existed since 2003. They were developed by the European data protection authorities, to facilitate intra-group data transfers for multinationals.

“Demonstrating Compliance” to Regulators: What does it mean?

By: Nymity

The GDPR is very clear on one thing: Organisations need to be able to demonstrate compliance with all requirements of the law.

Less than a Year to GDPR Compliance: Trends and Analysis from Real-World Activity

By: Nymity

The GDPR is now less than one year away from coming into effect and organisations are eager to know where they stand compared to others.

The GDPR and Consent

By: Nymity

In a recent webinar, we looked at the topic of consent and the GDPR. We discussed best practices for addressing compliance with consent requirements, and in particular we considered the ways in which an accountability approach can embed compliance mechanisms throughout the process of consent management.

How to Get Started and Demonstrate Compliance through an Accountability Approach: Part 3

By: Nymity

In today’s final installment of our three-part series on Accountability, we will be examining how taking an accountability approach to privacy management assists in demonstrating compliance.

How to Get Started and Demonstrate Compliance through an Accountability Approach: Part 2

By: Nymity

In Part 1 of this three-part series, we took a look at how the concept of Accountability has evolved over the years from simply achieving strict compliance with the laws, to being able to demonstrate compliance through a proactive approach to privacy management.

How to Get Started and Demonstrate Compliance through an Accountability Approach: A Three Part Series

By: Nymity

In 1980, the original OECD Guidelines introduced the accountability principle. Twenty-five years later, it was also addressed in the 2005 APEC Privacy Framework.

Does the GDPR Require a Personal Data Inventory?

By: Nymity

One of the most common areas where confusion seems to arise for our clients is surrounding the difference between a Personal Data Inventory and a Record of Processing Activities.

Satisfy GDPR PIA Requirements with an Accountability-Focused Approach

By: Nymity

In our webinar, “Does the GDPR Require PIA’s? Only Sometimes”, we discussed the GDPR’s requirements, as well as a next generation approach to Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA), which is called an Accountability PIA.

Time-Saving Methods to Prioritise Your GDPR Compliance

By: Nymity

Nymity’s approach has always been to focus on the “end goal” of the ability to demonstrate compliance.
