Google Updates Privacy Policy To Make It Easier To Understand

Joanna Estrada
May 15, 2018

Yet only 42 percent of 1,000 companies surveyed in the US and the European Union will be ready to comply with the GDPR on May 25, according to an April report by McDermott Will & Emery LLP and the Ponemon Institute LLC.

Unless they band together and share a DPO, it may be hard for small businesses to find someone suitable to take on the role, because the individual must be independent of management. It is critical to realize that GDPR is just one part of the equation, serving as a floor, not a ceiling, for data protection in the EU.

Do you know where your data is?

Financial Services - Financial organizations often maintain huge stockpiles of PII data on account holders. Organisations that fail to comply with the new regulation may face hefty fines. Consent can be granted for the use of data for a specific objective and then revoked, only to be granted again for another goal. Companies will need to put in place practices that demonstrate that their processing activities are compliant.

"We have been working on our compliance efforts for over 18 months and ahead of the new law coming into effect we are updating our current Privacy Policy to make it easier to understand what information we collect and why we collect it", William Malcolm, Director, Privacy Legal EMEA at Google, wrote in the post. "Personal data" in this context means data relating to a living individual who can be identified from that data, or can be identified from that data taken together with other information that we hold or we may be likely to obtain.

In the future, Google will offer you a better way to export Google data.

User consent is also important. Most U.S. states only require companies to alert the individuals affected by the breach. Article 8 details the conditions for children's consent. "Manage or mute the ads you see on Google, on websites and in apps using the recently upgraded 'Ads Settings' tool and 'Mute This Ad' control", Malcolm said. In the light of the ongoing Facebook data privacy scandal, the Equifax breach, and the Uber data breach, people are becoming more aware and concerned about their privacy and security online. Companies should have protocols in place to respond to breaches that address timing and notice requirements. If there is a data breach, the individual must be notified within 72 hours of the data breach. "These include e-commerce-based organizations operating internationally, as well as companies that serve significant numbers of tourists, visitors, or expatriates from the European Union".

Personal data related to our customers or prospective customers.

The attendee is told, during the registration process, that their data will be collected by exhibitors for the objective of marketing/selling their product to the attendee.

Privacy by Design is also introduced, which means that only the data absolutely necessary to carry out duties can be held and processed. This data governance can range from an internal Information Governance (IG) team to a dedicated Data Protection Officer whose sole job is to monitor the use and protection of the data. It also rejected the request to scrap the requirement for smaller pharmacies to appoint a data expert.

The data protection/security section of the GDPR covers how a company that has legally obtained access to an individual's data protects that data from others. Fines of up to EUR20 million or 4% of the firm's turnover (whichever is greater) can be imposed for the most serious data protection offences.
