Overview of local laws that “implement GDPR”.
https://files.alston.com/files/Uploads/gdprtracker/
[in German] – GDD Praxishilfe Datenschutzfolgenabschätzung
https://www.gdd.de/downloads/praxishilfen/GDD-Praxishilfe_DS-GVO_14.pdf
[Germany]: Data Subject Access Rights – c’t launches “torture questionnaire”
[in German]: c’t article with detailled template letter to enact data subject access rights [c’t is a popular German IT magazine] – They call it the “torture questionnaire”…
(link at the bottom of article)
https://www.heise.de/ct/ausgabe/2018-5-Die-DSGVO-bringt-den-Buergern-neue-Rechte-3965940.html
HIPAA violations: $2.5 million settlement for US Diagnostics company
First settlement involving a wireless health services provider, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias.
In January 2012, CardioNet reported to the HHS Office for Civil Rights (OCR) that a workforce member’s laptop was stolen from a parked vehicle outside of the employee’s home. The laptop contained the ePHI of 1,391 individuals. OCR’s investigation into the impermissible disclosure revealed that CardioNet had an insufficient risk analysis and risk management processes in place at the time of the theft.
Additionally, CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented. Further, the Pennsylvania –based organization was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.
https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/cardionet/index.html
PrivacyScore checks web sites for privacy issues
“PrivacyScore is open source software and we plan to release all collected datasets for research purposes. Besides running it as a public service, PrivacyScore can also be deployed in-house. This will help DPAs that are faced with the task of enforcing a large number of regulatory requirements specified in the General Data Protection Regulation (GDPR).
https://arxiv.org/pdf/1705.05139.pdf
Tool is at https://privacyscore.org/
Baker McKenzie 2017 Global Privacy Handbook
Privacy-by-design in software development
Norway: DPA publishes (short) guide (in English)
ICO: Learning from mistakes of others..
Online services.. – good list of controls that your friendly British Privacy Regulator strongly suggests..
Norwegian DPA blocks three smart device vendors from processing customer data
The Norwegian DPA has given Gator AS orders to discontinue all processing of personal information about its customers since they have not provided enough information in the smart bells they provide. In addition, PepCall AS and GPS for children – Smartprodukt AS have been notified of similar decisions.
Use right-click in Chrome to translate: