Recently Added Resources

IAPP-EY Annual Governance Report 2018

Last year, the 2017 Privacy Governance Report welcomed the arrival of the European Union’s General Data Protection Regulation, both the compliance efforts and the corresponding angst over how to accomplish a list of daunting, if not impossible, tasks. One year later, we see in the 2018 survey that organizations have bulked up their privacy teams, tackled the hard work of implementing GDPR programs, spent a lot of money to get there (an average of $1.3 million, with an additional $1.8 mil...

EU-US Privacy Shield

Created in 2016 to replace the invalidated EU-U.S. Safe Harbor agreement, the Privacy Shield is an adequacy agreement that allows for the transfer of personal data from the EU to the United States for companies participating in the program. Only those companies that fall under the jurisdiction of the U.S. Federal Trade Commission may certify to the Shield principles and participate, which notably excludes health care, financial services, and non-profit institutions....

Prudence the Privacy Pro Vol. 5 No. 7

Time for a little California sun for Pru and Opt-Out. Now that GDPR is managed, what's there to worry about ... Right? Click on the image below if you would like to download a high-resolution pdf to print and hang in your office. (25.7MB) ...

Vital Interests

Protecting "vital interests" refers to circumstances of life or death — in other words, where the processing of personal data contemplated is vital to an individual’s survival. For example, under the European General Data Protection Regulation, processing of personal data that is necessary in order to protect the vital interests of the data subject or of another natural person is one of the six legal bases for processing personal data. This criterion will be relevant only in rare emergency situatio...

Urgency Procedure

According to the General Data Protection Regulation, in exceptional cases where there is an urgent need to protect individuals’ rights and freedoms, a supervisory authority can bypass the cooperation procedures and consistency mechanism (see Consistency Mechanism) to adopt provisional measures in its country, after which it should notify other regulators who have an interest in the matter, the Commission and the European Data Protection Board. The supervisory authority can apply to the EDPB fo...

Territorial Scope

"The jurisdictional reach of a law or regulation. In the case of the General Data Protection Regulation, it applies to organizations established in the EU and to their third-party processors of personal data, wherever they happen to be located, and to those organizations that offer goods or services to, or monitor, individuals in the EU."...

Supervisory Authority

An independent public authority established by an EU member state, responsible for monitoring the application of the General Data Protection Regulation....