Latest privacy news, expert guidance and resources


July 24, 2017 -

Norway Publishes Consultation Notes on Draft Personal Data Act

Norway has published consultation notes on a new draft Personal Data Act (the Act) designed to implement the principles [...]

July 20, 2017 -

EEA Adopts the EU-U.S. Privacy Shield Framework

On July 7, the European Economic Area (EEA) – which consists of Iceland, Liechtenstein, and Norway – adopted the EU-U.S. Privacy [...]

July 19, 2017 -

After Reference by Article 29 Working Party, ISO publishes ISO/IEC 29134:2017

The International Organization for Standardization (ISO) recently published its ISO/IEC 29134:2017 framework “guidelines for privacy impact assessment.” The framework [...]

July 13, 2017 -

OneTrust GDPR Deep Dive Series: Chapter 4

OneTrust GDPR Deep Dive Series Chapter 4: Controller and Processor Chapter 4 of the GDPR not only contains the first [...]

July 10, 2017 -

Belgian DPA Issues Guidance on Article 30 Records of Processing Requirements

Under the EU General Data Protection Regulation (GDPR), set to go into effect on 25 May 2018, organisations will [...]

July 6, 2017 -

WP29 Publishes Opinion on Data Processing at Work

The Article 29 Working Party (WP29) has issued Opinion 2/2017 on data processing at work (the “Opinion”). The Opinion [...]

June 29, 2017 -

OneTrust GDPR Deep Dive Series: Chapter 3

OneTrust GDPR Deep Dive Series Chapter 3: Rights of the Data Subject One of the most important goals of the GDPR is to [...]

June 28, 2017 -

Recap of IAPP | OneTrust Webinar – GDPR Expert Panel: Lessons Learned on How to Tackle Article 30

Click here to watch the recording of the IAPP | OneTrust Webinar – GDPR Expert Panel: Lessons Learned on [...]

June 23, 2017 -

UK Information Commissioner’s Office Publishes Revised Subject Access Code of Practice

The UK Information Commissioner’s Office (ICO) has published a revised version of its Subject Access Code of Practice. The [...]

June 21, 2017 -

OneTrust Featured in Ovum’s On The Radar Report

Download Ovum’s On The Radar Report about OneTrust here. Introduction New legislative instruments such as GDPR often impose a range of [...]

June 16, 2017 -

ePrivacy Regulation Draft Report Released By LIBE Committee

With so much attention paid to the General Data Protection Regulation (GDPR) taking effect 25 May 2018, the proposed [...]

June 15, 2017 -

OneTrust GDPR Deep Dive Series: Chapter 2

OneTrust GDPR Deep Dive Series Chapter 2: Principles Chapter 2 outlines basic principles and provides information to help companies prepare [...]

June 14, 2017 -

IAPP | OneTrust Webinar – GDPR Expert Panel: Lessons Learned on How to Tackle Article 30

IAPP | OneTrust Webinar GDPR Expert Panel: Lessons Learned on How to Tackle Article 30 Thursday, June 22, 2017 [...]

June 13, 2017 -

Germany Approves New Federal Data Protection Act

Germany’s Federal Assembly has approved the new Federal Data Protection Act with amendments (in German only), which is set [...]

June 9, 2017 -

Legitimate Interests: Italian DPA Issues Decision and CIPL Provides Recommendations

As the countdown to GDPR continues, it is becoming clear to many that legitimate interests will be a popular [...]

June 1, 2017 -

Introducing the OneTrust GDPR Deep Dive Series: Chapter 1

Introducing the OneTrust GDPR Deep Dive Series The one-year countdown to GDPR started last week. To mark the occasion, OneTrust [...]

May 23, 2017 -

Sweden’s Data Protection Commission Publishes Report on Adapting to the GDPR

In February 2016, the Swedish Government tasked a group of experts with evaluating how Swedish laws should be adapted [...]

May 22, 2017 -

Austrian Parliament Publishes Draft Data Protection Adjustment Act

The Austrian legislature has commenced a six-week consultation process for a draft Data Protection Adjustment Act 2018 (Datenschutz-Anpassungsgesetz 2018), [...]

May 19, 2017 -

New June Dates Announced for SmartPrivacy Workshop Tour 2017

7 Cities | 4 Countries Save Your Seat Today Join us for a SmartPrivacy workshop in a city near you! We’ve [...]

May 16, 2017 -

Working Party Opinion on the Proposed EU ePrivacy Regulation

The Article 29 Working Party has released an Opinion on the Proposed EU ePrivacy Regulation, intended to replace the [...]

May 12, 2017 -

German DPA Releases English Translation of the Standard Data Protection Model

A German data protection authority (DPA) has published an English translation of the draft Standard Data Protection Model (SDM), [...]

May 11, 2017 -

Allianz Selects OneTrust Software for GDPR Accountability and Compliance

OneTrust, the leading enterprise privacy management software used by over 1,000 organizations to comply with global privacy regulations including [...]

May 9, 2017 -

German Parliament Passes New Federal Data Protection Act in Preparation for GDPR

The German Parliament has passed a new Federal Data Protection Act (FDPA) intended to adapt current German data protection [...]

May 5, 2017 -

Italian DPA Issues Guide for the Application of the GDPR

On April 28, 2017, the Garante (Italian data protection authority) released its first guide for the application of the [...]

April 27, 2017 -

Dutch DPA Offers 10-Step Plan for GDPR Readiness

The Dutch DPA recently published a 10-step plan to help organizations prepare for the EU General Data Protection Regulation [...]

April 19, 2017 -

OneTrust Joins RSA® Ready Technology Partner Program

OneTrust Privacy Management Software Joins RSA® Ready Technology Partner Program Interoperable Solution with RSA Archer® GRC Platform Offers Enterprises [...]

April 18, 2017 -

IAPP Announces Data Mapping Automation Powered by OneTrust

IAPP Announces Data Mapping Automation Tool Powered by OneTrust Free for IAPP Members to systematically inventory and update personal [...]

April 14, 2017 -

Article 29 Working Party Guidelines on Data Protection Impact Assessments

The Article 29 Working Party adopted on 4 April 2017 guidelines on Data Protection Impact Assessments (DPIAs) and determining [...]

March 24, 2017 -

OneTrust | IAPP Webinar – Data Mapping & Article 30: How to Scale in Practice

    Good data governance means understanding and controlling your organization’s information flows. But before you can effectively achieve [...]

March 21, 2017 -

SmartPrivacy – Local Workshops by OneTrust

The OneTrust team is excited to announce SmartPrivacy, a practitioner focused, half-day local workshop series where privacy professionals can learn from [...]

March 17, 2017 -

CNIL Six-Step Guide to GDPR Preparation

The Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, published a six-step guide to help [...]

March 14, 2017 -

IAPP Launches EU Cookie Compliance Tool Powered by OneTrust

IAPP Launches EU Cookie Compliance Tool Powered by OneTrust Free for IAPP Members to automate website scanning, cookie policy [...]

March 13, 2017 -

GDPR Consent Guidance Published by the UK ICO

The United Kingdom Information Commissioner’s Office (UK ICO) released guidance on consent as a legitimate means of processing under [...]

February 22, 2017 -

Nobody Likes Cookie Pop-Ups: Browser-Based Consent and the ePrivacy Regulation

The ePrivacy Regulation proposals have been made public for a few weeks now, and there appear to be some far-reaching [...]

February 14, 2017 -

Spanish Data Protection Authority Publishes GDPR Guides for Spanish SMEs

The Spanish Data Protection Authority – Agencia Española de Protección de Datos (AEPD) – recently published three guides to [...]

January 31, 2017 -

How GDPR Compliance Can Save You Money

As January comes to a close, reality begins to sink in that 2017 is the final full calendar year [...]

January 26, 2017 -

The Future of EU Cookie Compliance Webinar Recording

The Future of EU Cookie Compliance [Recording] Presented by OneTrust Speakers Jonathan Kaley-Isley, Global Head of Privacy & Data [...]

January 18, 2017 -

Reminder to Register for Our EU Cookie Compliance Webinar

Reminder to register for our webinar tomorrow to learn more about the future of EU Cookie Compliance and how [...]

January 17, 2017 -

NIST Turns FIPPS into Concrete Privacy Objectives and Risk Model for Federal Agencies

Geared towards information systems engineers, the National Institute of Standards and Technology (NIST) Internal Report (NISTIR) 8062 addresses privacy [...]

January 12, 2017 -

Belgian DPA Seeks Public Comments on DPIA Draft Recommendation

As the Belgian DPA (Commission de la protection de la vie privée) highlighted in a recent publication, data protection [...]

January 10, 2017 -

New EU ePrivacy Regulation Released

With the release of the new ePrivacy Regulation, we invite you to join privacy experts from Hogan Lovells, BlackRock, [...]

December 29, 2016 -

The Future of EU Cookie Compliance White Paper

Two weeks ago, we published a blog post that highlighted some of the finer points of the proposed legislation that was [...]

December 27, 2016 -

#5QsforCPOs: Andrea White – Chief Compliance Counsel and Privacy Officer @ Toyota

In our #5QsForCPOs blog series, OneTrust conducts short, informative interviews with CPOs and senior-level privacy pros to uncover insights [...]

December 20, 2016 -

OneTrust Data Mapping Webinar Recording

Data Inventory and Mapping Webinar [Recording] Presented by: IAPP & OneTrust In this webinar, we discussed: Why data mapping [...]

December 20, 2016 -

Interactive Toys Violate Children’s Privacy Rights

Back in September, four major toy companies were fined for violating COPPA laws. Now, as we near the holiday [...]

December 16, 2016 -

WP29 Releases GDPR Implementation Guidelines and FAQs

  Coming at the heels of the EU ePrivacy Regulation leak, the Article 29 Working Party (WP29) issued a [...]

December 14, 2016 -

Draft of the EU ePrivacy Regulation Leaked

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the website this [...]

December 7, 2016 -

OneTrust Launches U.S. Federal Agency Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) Templates for IAPP Members

New privacy assessment templates to support U.S. federal agency privacy compliance, based on Department of Homeland Security ATLANTA, Dec. 7, [...]

November 30, 2016 -

GDPR Compliance Means Cookie Notices Must Change

You’re probably one of those people who ticked the cookie law box ages ago and hasn’t thought about it since. The [...]

November 22, 2016 -

Cellphone Privacy Risks in America

“Privacy is central to every major issue of our time, from immigration and reproductive rights to criminal justice, national [...]

November 15, 2016 -

EU Businesses Aren’t Just Unprepared for GDPR… They’re Underpreparing

Computing UK conducted a study in February 2016 that revealed some startling facts about EU businesses’ lack of preparedness [...]

November 8, 2016 -

IAPP Launches EU Data Transfer Kit Powered by OneTrust

Complimentary IAPP & OneTrust platform supports compliance with data transfer regulations: GDPR, Privacy Shield and BCR ATLANTA, Nov. 9, [...]

November 1, 2016 -

Brexit and The Cookie Law

As the world now knows, the UK has voted to leave the EU, so does this mean the end [...]

October 27, 2016 -

Can Data Science Transform UK Governance Without Violating Privacy Rights?

As Parliament begins hearings for the proposed Digital Economy Bill, questions have begun to arise about the UK government’s [...]

October 25, 2016 -

Ann Cavoukian Founds New Privacy Council: GPSbyDesign

Last week, Ann Cavoukian – one of our trusted advisors and creator of the concept of Privacy by Design [...]

October 20, 2016 -

Facebook Is The Latest, But Many Companies Are Slow To Adopt Privacy Shield

Last week, Facebook quietly adopted Privacy Shield, the controversial agreement that allows US technology companies to transfer EU citizens’ [...]

October 18, 2016 -

How Sharenting Violates Children’s Privacy Rights

This year marks the 10th anniversary of Facebook and Twitter: perhaps the two strongest social media drivers of what is now [...]

October 13, 2016 -

The Hospitality Industry Stores More Personal Data Than Any Other Industry

While virtually all businesses that use computer systems are, to some extent, vulnerable to data breaches, the hospitality industry [...]

October 11, 2016 -

Privacy Compliance with Big Data Systems

Privacy policies are overly complicated. It’s as if they’ve been written by lawyers, for lawyers, and certainly not meant [...]

October 6, 2016 -

Voting Online Would Mean Giving Up Your Legal Right to Privacy

The right to an anonymous vote is a cornerstone of the U.S. democratic process, and yet voters’ personal data [...]

October 4, 2016 -

OneTrust Adds Dr. Alexander Dix to Advisory Board

OneTrust Welcomes Influential European Data Protection Veteran, Dr. Alexander Dix, to its Advisory Board Dr. Dix is currently the [...]

October 3, 2016 -

Can Payments Companies Monetize Data and Still Comply with GDPR?

A growing trend among payment service providers is identifying opportunities to monetize customer data. While some organizations will sell [...]

September 30, 2016 -

Snap Inc. Displays Commitment to Privacy By Design With New Wearable

Last week, Snap Inc. (the new business parent of social app, Snapchat) announced the launch of their wearable technology [...]

September 29, 2016 -

What Charities and Non-Profit Organizations Should Know About GDPR

Between fundraising, events, and charitable giving, non-profit organizations collect a ton of personal information, which makes them just as obligated [...]

September 27, 2016 -

OneTrust Privacy Management Platform Listed in Three Independent 2016 Gartner Hype Cycle Assessments

ATLANTA, Sept. 27, 2016 /PRNewswire/ — OneTrust, the leading software platform designed to operationalize data privacy compliance and Privacy by [...]

September 27, 2016 -

GDPR Will Require Accountability Through Privacy (and Security) by Design

  PRIPARE defines Privacy by Design a few different ways: To apply a set of principles from the design [...]

September 26, 2016 -

Concept of a Privacy Threshold Assessment (or Analysis)

PTA Overview Privacy Impact Assessments/Analyses (PTAs) are an important aspect of privacy compliance documentation, but aren’t the only evaluations [...]

September 23, 2016 -

#5QsforCPOs: Pat Manzo – EVP, Global Customer Service & Chief Privacy Officer @ Monster

  In our #5QsForCPOs blog series, OneTrust conducts short, informative interviews with CPOs and senior-level privacy pros to uncover [...]

September 22, 2016 -

Variances in Privacy Terminology Due to “Legal Speak”

Privacy terminology not only differs in each country, but it can vary from company to company, no matter where [...]

September 20, 2016 -

Privacy Pros Are Losing Their Minds Over This New IoT Advertising Tech

It wasn’t long ago that digital consumers were baffled by retargeting and thrown by cart abandonment messaging. More recently, [...]

September 15, 2016 -

Snowden Movie Review + Live Q&A

Laura Poitras’ Citizenfour, a documentary recount of Edward Snowden’s 2013 whistleblowing exploits, endured a somewhat disappointing limited release in 2014, [...]

September 14, 2016 -

IAPP Launches OneTrust PIA Platform at PSR Conference

IAPP Launches Comprehensive PIA Platform Powered by OneTrust Free, online platform to support GDPR compliance for multinational organizations ATLANTA, [...]

September 13, 2016 -

OneTrust Acquires Optanon, Expands Internationally

OneTrust Acquires Leading Website Auditing and Cookie Compliance Solution Expands International Presence with Optanon acquisition ATLANTA, Sept. 13, 2016 [...]

September 9, 2016 -

Challenging Aspects of Privacy Shield

  The two most challenging aspects of Privacy Shield are timing and vendor management requirements. Many organizations are deciding [...]

September 8, 2016 -

5 Things You Need To Know About GDPR – Video

In a new video series from Bloomberg BNA, Managing Editor of Privacy & Data, Don Aplin, offers viewers a [...]

September 5, 2016 -

Privacy Shield Overview & Tentative Take-Up

  A little over a month into Privacy Shield, and the data transfer agreement now protects 200 business entities, [...]

September 1, 2016 -

Agents Don’t Fully Understand Cyber Insurance

Eduard Goodman, Chief Privacy Officer of identity theft protection firm, IDT911, recently discussed the importance of cyber insurance in [...]

August 30, 2016 -

Privacy Risks with DNA

As our society continues to innovate, we find ourselves longing to know more about our past, and companies like [...]

August 30, 2016 -

OneTrust Announces New Advisory Board

Privacy by Design creator Cavoukian, among the greatest minds in privacy, serving on OneTrust Advisory Board Ann Cavoukian, Jules [...]

August 24, 2016 -

Kroger Updates Privacy Policy: Video

Fortune 500 grocery store giant, Kroger, sent automated emails to its Kroger Plus savings card account holders with an [...]

August 15, 2016 -

GDPR and Operational Reform

Data Protection was once the siloed concern of a company’s privacy team, but GDPR’s imminence has elevated data protection [...]

August 13, 2016 -

Gender Equality in the Privacy Industry

A 2015 IAPP Salary & Governance Survey revealed that in the privacy field – a discipline that operates at [...]

August 10, 2016 -

How Brexit Will Impact U.K.’s GDPR Compliance

On June 23, U.K. citizens approved Article 50, a Brexit from the EU for social and political reasons, but [...]

August 10, 2016 -

One Week Into Privacy Shield

A few days into the new Privacy Shield program, and companies have slowly begun to assimilate –– submitting self-certification as [...]

August 9, 2016 -

Pokémon Go Privacy Scandal

Not even a month after the launch of the Pokémon Go augmented reality game app, a concerned citizen and privacy [...]