Thousands of employees’ biometric data must be deleted, according to a new ruling by the Information Commissioner’s Office. Serco, one of the UK’s largest employers, was told to stop using fingerprint scanners and facial recognition software for staff clocking on and off, in a warning that could force many other employers to change their practices.

How to comply with Lei Geral de Proteção de Dados, Brazil’s data protection law

Brazil’s Lei Geral de Proteção de Dados (LGPD) is the country’s first comprehensive personal data protection law. It entered into force in September 2020 and aligns closely with the EU’s sweeping data privacy act, the General Data Protection Regulation (GDPR).

Before LGPD, data privacy regulations in Brazil consisted of various provisions spread across Brazilian legislation. The aim of the LGPD was to unify the 40 different Brazilian laws that regulated the processing of personal data.

LGPD sets forth Brazil’s conception of personal data and when its use is authorised. Comprising 65 articles, it deals with the rights of data subjects and has 10 legal bases for the processing of personal data, which is four more than GDPR.

Wednesday 22 May 12pm UK

The EU’s General Data Protection Regulation (GDPR) has now been in force for six years. During that time, fines have totalled billions of euros, with over €1 billion in fines coming in the past 12 months. The most recent fines show that both large and small businesses are subject to regulators’ scrutiny.

With fines and enforcement actions, developments in GDPR case law and new challenges of AI, data protection remains one of the most complex areas of compliance. Despite best efforts, many organisations are still falling short when it comes to getting GDPR right.

Join us for a live, one-hour webinar on GDPR’s sixth anniversary. In this webinar, we will look at GDPR’s widespread impact, not just in Europe but around the world. As places like Brazil, California and even China race to enact GDPR-like protections, what does the future hold for data privacy?

The webinar will cover:

  • Recent GDPR fines and case studies
  • International developments and new GDPR-style laws around the world
  • Focus areas for EU data protection authorities
  • Where the UK and US stand with data protection and GDPR
  • Artificial intelligence and data protection laws
  • Best practice guidance to solidify your GDPR compliance

Thanks to GDPR, DPIAs matter more than ever. Here’s why – and tips on how to do them

A data protection impact assessment (DPIA) is a process to help identify and minimise the data protection risks of a project. DPIAs have always mattered, but the General Data Protection Regulation (GDPR) made them matter much, much more.

As most Data Protection Officers (DPOs) and data processors are aware by now, GDPR added significant compliance burdens. Under GDPR, data breaches need to be reported to the authorities within 72 hours and each new data processing activity needs to be documented. GDPR also introduced a new obligation to do a DPIA before carrying out processing likely to result in high risk to individuals’ interests. If your DPIA identifies a high risk which you cannot mitigate, you must consult the Information Commissioner’s Office (ICO). The regulator can recommend changes to reduce the risk, give a formal warning not to carry out the processing or even ban the processing altogether. 

It’s been almost six years since Europe’s data protection landscape changed with GDPR. Are you prepared for SARs?

Since the General Data Protection Regulation (GDPR) was passed, there has been almost constant change for companies, with new case law, rulings and court cases making compliance with GDPR an ongoing hot topic for organisations of all shapes and sizes.

With GDPR decisions from 27 different member states coming through on an almost daily basis, it can be a challenge to ensure compliance. One of the basic rights of GDPR is a subject access request (SAR). It provides people with the right to access and receive a copy of their personal data, and other supplementary information. SARs can be made verbally or in writing, including via social media.

People are entitled to find out what personal data is held about them by an organisation, why the organisation is holding it and who else knows the information. 

In January 2022, China promulgated two laws specific to AI applications. While the provisions regarding the management of algorithmic recommendations for internet information services (Algorithm Provisions) have been in effect since March 2023, the provisions for managing deep synthesis of internet information services (Draft Deep Synthesis Provisions) are still in the drafting stage.

The newly elected leftist government of Lula in Brazil is in the process of developing its first law to regulate artificial intelligence. In December 2022, a Senate panel presented a report containing studies on AI regulation, along with a draft for AI regulation. 

The main aims of the legislation are to safeguard the rights of individuals affected by AI systems, categorise the level of risk associated with these systems, and establish governance measures for companies that provide or operate AI systems.

Download your free guide to GDPR and automation

GDPR presents not just a single compliance challenge – how to get policies and procedures right – but an ongoing plethora of overlapping priorities that have to be dealt with at various levels of the business. From implementing technical measures to tracking data subject requests and putting in place incident breach registers, there is never an ‘end’ point to GDPR compliance.

However, automation of various data privacy and technical security tasks can vastly improve compliance efficiency and, more importantly, provide evidence of how your organisation complies with GDPR.

Download our free guide to GDPR and automation, featuring:

  • The key GDPR compliance challenges for different types of organisations
  • What is automation in compliance, and how does it work?
  • What kinds of GDPR tasks can be automated
  • Making the most of GDPR and automation
  • How to save your organisation time, money and hassle with automation tools

Risks and opportunities for compliance professionals in the artificial intelligence age

What is the future of AI regulation? What countries regulate the use of AI, and what issues do compliance professionals face when weighing up the risks and benefits of AI?

In this comprehensive guide, VinciWorks will take you through:

  • AI regulation in the EU, UK, US and more
  • AI and money laundering
  • AI, equality and discrimination
  • AI and data protection
  • Using AI safely and securely
  • The risks of using AI

Download our free guide to AI and compliance.