11/14/2018

Seven Firms accused of violating GDPR by Privacy International

On May 25th of 2018, GDPR Became effective, bringing a demanding standard for data protection and privacy rights for individuals from organizations around the world. Privacy International (PI), which is a charity that defends and promotes the right to privacy, accused seven firms of “disregarding data protection principles, including purpose limitation, data minimization and data accuracy”.

 

The seven companies, Oracle, Equifax, Acxiom, Criteo, Experian, Quantcast and Tapad have been accused of violating data protection laws by a privacy rights group and referred to data regulation. PI states that the companies do not have a legal basis for the way they use people’s data, and have not attained appropriate consent. Also, the companies do not have the basis for processing sensitive personal data. Read the full article for more details about this situation.

 

To protect companies of such accusation, Digital Edge reminds organizations applicable with GDPR regulations should keep in mind:

 

Organizations must understand the meaning of ‘Personal data’ under GDPR:

  • Name
  • Unique identifiers, such as social insurance account numbers
  • Location data that can be used to pinpoint an individual
  • Email address, phone number and other contact information
  • Characteristics specific to an individual, such as political opinions, religion and physical details
  • Specific categories of data, such as genetic and biometric information

Organizations will need to:

  • Protect personal data using appropriate security
  • Notify authorities of personal data breaches
  • Obtain appropriate consents for processing data
  • Keep records detailing data processing

Organizations are required to:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies 

 

Digital Edge’s VP of Compliance has spoken about GDPR multiple times, answering most asked questions and giving quick facts about GDPR.

 

In an increasingly digitized world, Digital Edge values privacy and is committed to protecting your personal data. Data and the protection of data are at the core of everything we do. As such, our business is built on Stability, Security, Efficiency, and Compliance, enabling us to protect our customers’ most valuable assets. We are committed to complying with the new legislation and will collaborate with partners throughout this process.  Not ready? Need assistance? For more information on this regulation and to ensure that your organization is following the critical compliance requirements contact Digital Edge today! 

Was this article helpful?
Danielle Johnsen
VP of Compliance

Danielle V. Johnsen joined the Digital Edge team in 2015 as the VP of Compliance.  With a passion for information security and organizational compliance, Danielle’s vision is to enable collaboration between 'The Business' and Information Technology, thus creating common objectives and outcomes that benefit the organization, while staying in compliance with all regulatory bodies and companywide policies. Specializing in security frameworks and policies such as: ISO 9001, ISO 27001, NYS DFS 500, NIST, HIPPA, GDPR, PCI, OSPAR, and more!