While the European Union forges ahead with proposals to strictly regulate the use of Artificial Intelligence, the UK has opted for a more ‘wait-and-see’ approach. But that looks set to change after the next election – which must be held before January 2025.
Thanks to GDPR, DPIAs matter more than ever. Here’s why – and tips on how to do them
A data protection impact assessment (DPIA) is a process to help identify and minimise the data protection risks of a project. DPIAs always mattered, but the General Data Protection Regulation (GDPR) made them matter much, much more.
As most Data Protection Officers (DPOs) and data processors are aware by now, GDPR added significant compliance burdens. Under GDPR, data breaches need to be reported to the authorities within 72 hours and each new data processing activity needs to be documented. GDPR also introduced a new obligation to do a DPIA before carrying out processing likely to result in high risk to individuals’ interests. If your DPIA identifies a high risk which you cannot mitigate, you must consult the Information Commissioner’s Office (ICO). The regulator can recommend changes to reduce the risk, give a formal warning not to carry out the processing or even ban the processing altogether.
It’s been almost six years since Europe’s data protection landscape changed with GDPR. Are you prepared for SARs?
Since the General Data Protection Regulation (GDPR) was passed there has been almost constant change for companies, with new case law, rulings and court cases making compliance with GDPR an ongoing hot topic for organisations of all shapes and sizes.
With GDPR decisions from 27 different member states coming through on an almost daily basis, it can be a challenge to ensure compliance. One of the basic rights of GDPR is a subject access request (SAR). It provides people with the right to access and receive a copy of their personal data, and other supplementary information. SARs can be made verbally or in writing, including via social media.
People are entitled to find out what personal data is held about them by an organisation, why the organisation is holding it and who else knows the information.
In January 2022, China promulgated two laws specific to AI applications. While the provisions regarding the management of algorithmic recommendations for internet information services (Algorithm Provisions) have been in effect since March 2023, the provisions for managing deep synthesis of internet information services (Draft Deep Synthesis Provisions) are still in the drafting stage.
The newly elected leftist government of Lula in Brazil is in the process of developing its first law to regulate artificial intelligence. In December 2022, a Senate panel presented a report containing studies on AI regulation, along with a draft for AI regulation.
The main aims of the legislation are to safeguard the rights of individuals affected by AI systems, categorise the level of risk associated with these systems, and establish governance measures for companies that provide or operate AI systems.
Download your free guide to GDPR and automation
GDPR presents not just a single compliance challenge – how to get policies and procedures right – but an ongoing plethora of overlapping priorities that have to be dealt with at various levels of the business. From implementing technical measures and tracking data subject requests to putting in place incident breach registers, there is never an ‘end’ point to GDPR compliance.
However, automation of various data privacy and technical security tasks can vastly improve compliance efficiency and, more importantly, provide evidence of how your organisation complies with GDPR.
Download our free guide to GDPR and automation, featuring:
- The key GDPR compliance challenges for different types of organisations
- What is automation in compliance, and how does it work?
- What kinds of GDPR tasks can be automated
- Making the most of GDPR and automation
- How to save your organisation time, money and hassle with automation tools
Risks and opportunities for compliance professionals in the artificial intelligence age
What is the future of AI regulation? What countries regulate the use of AI, and what issues do compliance professionals face when weighing up the risks and benefits of AI?
In this comprehensive guide, VinciWorks will take you through:
- AI regulation in the EU, UK, US and more
- AI and money laundering
- AI, equality and discrimination
- AI and data protection
- Using AI safely and securely
- The risks of using AI
Download our free guide to AI and compliance.
Wednesday 25th October, 12:00 pm UK time
In this webinar with iSTORM, specialists in privacy, security and penetration testing, we will look at how far cybersecurity education and awareness have come over the last two decades and what the priorities are for the future to ensure a secure and interconnected world.
This free, one-hour webinar will combine practical advice with the latest cyber concepts and challenges your organisation should know, from best practices in password management and multifactor authentication to the increasingly sophisticated ways scammers target companies with phishing attempts.
This webinar will cover:
– New cyber disclosure rules from the SEC and EU
– Best practice in breach reporting and GDPR compliance
– What all organisations must do to protect themselves
– Key governance requirements for cybersecurity
– Future trends in data protection and cybersecurity
The webinar will feature experts from the consultancy iSTORM and the VinciWorks compliance team.
Concerns about AI and its potential dangers have been raised by industry professionals, prompting calls for action. Over 50,000 signatories signed a letter in March urging an immediate halt in the development of “giant” AIs and the establishment of robust AI governance systems.
Wednesday 24 May, 12:00pm (UK)
The EU’s General Data Protection Regulation (GDPR) has now been in force for five years. During that time, fines have totalled close to €2.8 billion, with over €1 billion in fines coming in the past 12 months. The most recent fines show that both large and small businesses are subject to regulators’ scrutiny.
Listen again to our webinar on GDPR’s fifth anniversary to look at the effect the regulation has had on the way we collect and process data and what we can expect going forward. We were joined by our own in-house DPO and went through the key developments in GDPR from across the EU.
The webinar will cover:
– A review of where businesses are falling short in GDPR compliance
– What can we learn from recent GDPR fines and enforcement actions?
– An update on the UK government’s proposed GDPR reforms
– The GDPR risks of AI services like ChatGPT
– Best-practice guidance
– How to take your GDPR compliance to the next step