Data Protection

French Data Protection Fine for failure to take adequate security measures Global Data Protection French Data Protection Fine for failure to take adequate security measures CNIL fined FRANCE TRAVAIL, a national public administration institute. Hackers had managed to access France Travail’s information systems using a social engineering attack. CNIL concluded that the technical and organisational […]

Who is a processor? Briefing Document 2026

The Digital Personal Data Protection Act, 2023 (“DPDPA”) imposes certain obligations on the Data Fiduciary (i.e. entity processing the personal data). These obligations provide a framework, setting out the basic requirements for an entity to process personal data. The Act sets out the following requirements: Each of these aspects require further elaboration to ensure effective

The Digital Personal Data Protection Act, 2023 (“DPDPA”) mandates deletion of personal information that is either no longer required or fits the criteria for deletion. One global exception for the data deletion obligation is when the data is required for compliance with any law.  When to delete data – the easy way  Data deletion is

The Digital Personal Data Protection Act, 2023 (“DPDPA”) contemplates that consent be obtained for processing personal data of the Data Principal (“user”) but that the consent should be of a certain quality. The quality of the consent is determined by the following elements: Each of these requirements is to be satisfied for a consent to