Hosting health data: the French requirements
Going through the accreditation procedure
[datalaw.ch] Singularisierung und Identifizierung
Interessanter Beitrag von Philipp Glas vor Schweizer Hintergrund.
Maltego
Tool to do correlation of personal data – e.g. from public sources.
https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php
[Baker McKenzie] GDPR National Legislation Survey (as of January 2018)
I wonder why they didn’t expand on Art 22 of the German DSAnpUG
[Vortrag] “Privacy by Design”, Marit Hansen
“Privacy by Design”
Marit Hansen
Landesbeauftragte für Datenschutz Schleswig-Holstein,
5. DFN-Konferenz Datenschutz
Hamburg, 29.11.2016
NIST: NISTIR 8062 An Introduction to Privacy Engineering and Risk Management in Federal Systems
NISTIR 8062
An Introduction to Privacy Engineering and Risk Management in Federal Systems
ENISA: Handbook on Security of Personal Data Processing
“The overall scope of the report is to provide practical demonstrations and interpretation of the methodological steps of the ENISA’s 2016 guidelines for SMEs on the security of personal data processing. This is performed through specific use cases and pragmatic processing operations that are common for all SMEs.”
https://www.enisa.europa.eu/publications/handbook-on-security-of-personal-data-processing
ENISA’s Privacy by Design portal
[UK] ICO’s Liz Denham on direct marketing consent
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/02/dma-data-protection-2018/
”
Detail of the e-privacy regulation is still being debated, but a default for all consumer marketing to be opt-in is in the current draft.
Until the e-privacy regulation comes into force, PECR will sit along side the GDPR.
That means electronic marketing will require consent. Yes, there is potential to use legitmate interests as a legal basis for processing in some circumstances, but you must be confident that you can rely on it.
It seems to me that a lot of energy and effort is being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent.
You say you will lose customers. I say you will have better engagement with them and be better able to direct more targeted marketing to them. You will have complete confidence that your customers have given informed consent.
“
[US, California] Data Breach Report 2016
https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf
(references CIS controls next to NIST and ISO27002)