Many companies have been struggling with GDPR implementation over the past two years, putting much effort into new roles, privacy concepts, and workflows. Now that the dust of the immediate GDPR compliance rush is settling, the first details of fines imposed under the GDPR and the number of cases pending with Data Protection Authorities (DPAs) in Europe are being made public. In Germany, DPAs are investigating a broad range of non-compliance issues and showing a tendency toward increasing their enforcement activities, to the point that we expect an announcement of increasing GDPR sanctions and fines in Germany in the near future.
Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR).
In Hong Kong, the Privacy Commissioner for Personal Data recently exercised his rights under Section 36 of the Personal Data Ordinance and conducted an inspection of the data system of TransUnion Limited, Hong Kong’s major credit reference agency. While the inspection did not reveal any major data breaches or issues, the Commissioner has reported deficiencies in TransUnion’s personal data system and made a number of recommendations for improvement.