“Consent” is a fundamental part of processing user data. It has a special place at the heart of digital privacy theory. Given the importance of consent, it shouldn’t be surprising that there’s plenty of legal wrangling over how it’s defined.
Data Minimization is a privacy concept that’s written into GDPR and is a best-practice for privacy-conscious businesses worldwide. It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.
“Data Privacy” and “Data Security” are two terms that can sometimes be used interchangeably, especially by those who aren’t in the field of data protection. However, in this particular sector, they mean two very different things. Understanding the relationship between them is essential for grasping the complexity of regulatory compliance.
The Private Right of Action in CCPA can be defined as a right that allows individuals to sue organizations for data violations even in the case of a third-party breach. It is a highly debated topic in privacy law that is handled differently across the globe. The Private Right of Action is the ultimate enforcer of an organization’s commitment to keeping individual data safe, but with such a strong check comes risk.
A data breach when information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways, and the GDPR and the CCPA outline specific protocols that businesses must follow in the event that it occurs.
A DPIA is a risk assessment that is carried out for any activity that involves processing user data and are a key part of privacy best practice
A Data Protection Officer is a role that’s required for many businesses under GDPR, and recommended for any data-reliant business.
DSRs (also known as DSARs or even SARs, depending where in the world you are) are a core competence for any business wishing to be compliant with GDPR or the CCPA. They are a key piece of data privacy activity, and getting them right can pose a significant challenge for businesses of all kinds.
Data Protection Impact Assessments are the sleeping giants that lie deep in the GDPR. Doing DPIAs well requires organizations to commit to responsible data management at a deep, deep level. That’s one of the reasons why they are so challenging.
Across the ocean, a much-publicized piece of holistic privacy legislation called the GDPR has transformed the relationship between citizens, businesses, and personal data. In 2019 it’s time to ask: why can’t the USA produce its own unified piece of federal data privacy regulation?
