04/06/20 GDPR Community Round-Up

Here’s a round-up of interesting reading we found online today*;

• The Danish data protection authority ('Datatilsynet') announced, on 2 June 2020, that it had issued, on 25 May 2020, its decision ('the Decision') finding that Carlsberg Danmark A/S's processing of personal data in connection with recruitment is compliant with the GDPR following an audit of the same. In particular, the Decision highlights that the audit focused on Carlsberg's retention and deletion of personal data of unsuccessful applicants collected in connection with recruitment for employment. Furthermore, the Decision notes that Carlsberg processed information about applicants to ensure documentation of proper recruitment procedures in the event of any complaints about, for example, discrimination, which was processed with a legitimate interest under Article 6(1)(f) of GDPR.

• Data flows across the Channel: The emerging UK-EU digital trade relationship. GDPR allows personal data to be transferred from EU territory only if the EU is satisfied that it will be accorded equivalent privacy protection in the foreign country. The European Commission has the authority to issue an “adequacy” finding to a foreign country meeting this standard. It has issued only thirteen of them, including to the United States—for data transfers made under the US-EU Privacy Shield Framework—and to Japan.

• During its 30th plenary session, the EDPB adopted a statement on data subject rights in connection to the state of emergency in the Member States. The Board also adopted a letter in response to a letter from Civil Liberties Union for Europe, Access Now and the Hungarian Civil Liberties Union (HCLU) regarding the Hungarian Government’s Decree 179/2020 of 4 May.

• Why should you know about LGPD, Brazil's Version of GDPR? By Usman Hayat. Organisations now cannot use your browsing information for their own benefits without your consent.

• Update from Israel, Data Protection Authority Publishes Guidelines For Reopening Of Schools And Businesses amidst the pandemic.

• A new report from Veeam reveals how many organisations are not sufficiently prepared for effective data protection and management. This points to an urgent need to modernise data protection and focus on Business Continuity to enable Digital Transformation.

• Interesting blog post "Most Victims Choose a Similar or Weaker Password after a Data Breach, Study Finds"

• Interesting blog post "Data Privacy and Cybersecurity Collides with the World of Intellectual Property in the New Decade"

• Researchers from cybersecurity firm vpnMentor discovered a data breach related to a popular Spanish e-Learning platform 8Belts, exposing personal data of over 100,000s of e-learners across the globe.

• The San Francisco Employees’ Retirement System, the city workers’ pension fund, reported a data breach affecting around 74,000 members. The pension system’s vendor, 10up Inc., said an outside party accessed a test data server with members’ information on Feb. 24. The server was closed and 10up Inc. said there was no evidence information was removed, but could not confirm whether the data was viewed or copied.

• Ransomware operators say they’re auctioning off victims’ confidential data in an attempt to put further pressure on them to pay hefty fees for its safe return. The Happy Blog, a dark Web site maintained by the criminals behind the ransomware known by the names REvil, Sodin, and Sodinokibi, began the online bidding process earlier on Tuesday.

• Infosec 2020: Covid-19 an opportunity to change security thinking. The annual Infosecurity Europe is being held virtually this year, and speakers at an online panel session have been considering the impact of the pandemic on security awareness.

*These sites aren’t affiliated with GDPR Community and these aren’t an advertisement, they’re simply site’s we’ve thought the community might have an interest in reading.