
A European Commission statement says that Data Protection Authorities across Europe received 95,180 complaints regarding the mishandling of personal data and companies reported a record number of 41,502 data breaches since the General Data Protection Regulation (GDPR) was enacted on 25 May 2018. According to the GDPR provisions, businesses have the obligation to report data breaches to their national DPA in under 72 hours if personal data of European citizens is unlawfully or accidentally disclosed. Following the 95,180 complaints introduced by both individuals and organizations mandated by individuals since the enactment of the GDPR, 255 investigations were initiated by national Data Protection Authorities. It is important to mention, though, that out of those, a couple of dozen GDPR investigations were also initiated outside the scope of the complaints advanced by individuals. Moreover, the European Commission's statistics say that the most common types of GDPR complaints were related to telemarketing, promotional e-mails, and video surveillance/CCTV, which were found to violate multiple provisions. Further details are posted on OUR FORUM.

As reported by Cisco in its Data Privacy Benchmark Study, companies that follow the requirements of the General Data Protection Regulation (GDPR) experience benefits such as lower frequency and effect of data breaches, as well as fewer records being impacted in the attacks, shorter downtimes and lower overall costs. GDPR is a user and data privacy regulation which came into effect in the European Union on May 25, addressing data protection of EU residents and the export of personal data outside the EU and EEA areas. The report used the data collected via a double-blind survey which was answered by over 3200 security professionals from 18 countries from all over the world and from all major industries. "Organizations have a long way to go to maximize the value of their private investments. Our research shows that the market is set and ready for those willing to invest in data assets and privacy may be the path forward to get there," according to Michelle Dennedy, Cisco's Chief Privacy Officer. When it comes to the level of GDPR readiness among the respondents, 59% of them said that they are meeting either all or most of GDPR’s provisions, while 29% of them stated that GDPR-readiness is one year away and another 9% indicated that they would need more than a year to be ready. Learn more by visiting OUR FORUM.

The abstract world of coding is ideal for people who are blind or have low vision, but there is a high barrier to entry to getting started, with students first needing to learn to touch type, for example. Today at the BETT education show, Microsoft announced Code Jumper, a tethered hardware device designed to teach children who are blind or have otherwise impaired vision how to code. Instead of poking at tablet screens or typing into laptops, students are taking out brightly colored plastic pods, connecting them together with thick white wires and then adjusting the pod’s buttons and knobs. These physical components will be used to create computer programs that can tell stories, make music and even crack jokes. “There really isn’t an equivalent to this physical way of programming,” said Jonathan Fogg, head of computing and IT at New College Worcester. The early access to basic coding skills is important, Fogg said, because many kids who are blind or low vision are drawn to careers in computer science. He thinks that’s partly because many of the skills kids with low vision develop to navigate the world make them good at the kind of computational thinking that’s helpful for a computer science career. And, he said, traditionally it has been a career that is more accessible to people who are blind or have low vision, because of tools such as screen readers. There's more posted on OUR FORUM.

On 25 and 28 May 2018, the National Data Protection Commission (CNIL) received group complaints from the associations None Of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”). LQDN was mandated by 10 000 people to refer the matter to the CNIL. In the two complaints, the associations reproach GOOGLE for not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purposes. The CNIL immediately started investigating the complaints. On 1st June 2018, in accordance with the provisions on European cooperation as defined in the General Data Protection Regulation (“GDPR”), the CNIL sent these two complaints to its European counterparts to assess if it was competent to deal with them. Indeed, the GDPR establishes a “one-stop-shop mechanism” which provides that an organization set up in the European Union shall have only one interlocutor, which is the Data Protection Authority (“DPA”) of the country where its “main establishment” is located. This authority serves as “lead authority”. It must, therefore, coordinate the cooperation between the other Data Protection Authorities before taking any decision about cross-border processing carried out by the company. In this case, the discussions with the other authorities, in particular with the Irish DPA, where GOOGLE’s European headquarters are situated, did not lead to the conclusion that GOOGLE had a main establishment in the European Union. More details can be found on OUR FORUM.

Cybercriminals are increasingly recognizing that smaller businesses can be lucrative targets as they are able to devote fewer resources to security. Phishing defense specialist Cofense is launching a new Managed Security Service Provider (MSSP) program aimed at providing SMBs with human-driven solutions designed to stop an active phishing attack. Cofense has partnered with a targeted group of service providers to provide their customers the dedicated resources required to strengthen defenses, build attack resiliency and ultimately stop real attacks in progress. "Phishing remains the top cause of security breaches, and when it comes to leveraging humans to help stop those threats in their tracks, SMBs can face a significant disadvantage compared to enterprises with more resources," says Robert Iannicello, VP of global channel sales at Cofense. "Our MSSP program will arm more small and mid-sized organizations with the necessary tools to build attack resiliency and most importantly, report, respond to and stop active phishing threats. Also, our programs will offer key incentives and pricing designed exclusively for our MSSP partners to ensure their go-to-market success. We look forward to enabling more partners and their customer organizations with the resources needed to thwart phishing attacks across the globe, regardless of company size and scope." Learn more by visiting OUR FORUM.

noyb, a European privacy enforcement non-profit organization which focuses on commercial privacy issues on a European level, has filed ten GDPR complaints with the Austrian Data Protection Authority, on behalf of ten users whom it represents, against eight online streaming companies for violations of Article 15. "As GDPR foresees € 20 million or 4% of the worldwide turnover as a penalty, the theoretical maximum penalty across the 10 complaints could be €18.8 billion," says noyb. According to Max Schrems, noyb's Director, all those companies (i.e., Amazon, Apple, DAZN, Spotify, SoundCloud, YouTube, Flimmit, Netflix) have been tested to check their compliance with the General Data Protection Regulation (GDPR) "right to access" provision described in the EU regulation's Article 15. The "right to access" grants all EU citizens the "right to get a copy of all raw data that a company holds about the user, as well as additional information about the sources and recipients of the data, the purpose for which the data is processed or information about the countries in which the data is stored and how long it is stored." After testing the eight companies' "right to access" compliance, noyb found that none of the eight streaming companies were fully compliant, with Schrems going as far as to say that they were all engaging in "structural violation" of the EU data protection legislation. There's more to this post on OUR FORUM.