VeraSafe

European privacy regulators are starting to take notice of low-cost, low-effort, tick-the-box DPO solutions, and they're not impressed. The Belgian DPA recently fined a company €245,000 for, among other things, failure to provide adequate resources to their part-time, outsourced DPO. The DPA held, in part, that: 💡 "An adequate allocation of time for the DPO to effectively fulfill their duties is essential. This aspect is particularly important when the DPO performs their role part-time, whether they are internal or external to the organization. 💡 The lack of time allocated to the DPO for the exercise of their functions could lead to conflicts of priorities and compromise their ability to fulfill their duties. To address this situation, WP29 recommends determining, in conjunction with the DPO, the estimated time needed to perform their role (the need is greater when entering the role). It may be useful to establish a work plan that prioritizes the DPO's tasks to ensure they have the necessary time to fully assume their responsibilities. Furthermore, it is essential that the allocation of resources for the DPO is proportional to the size, complexity, structure, and risks associated with the data processing activities. Consequently, the more complex or sensitive the processing operations, the more substantial the resources allocated to the DPO will need to be." (Translated with the help of ChatGPT from the original French.) ❗ If your business is relying on a DPO service that only supports you for a few hours per month, you're in danger of this happening to you. If you're concerned about whether your DPO solution is compliant, I'm happy to chat. #dpo #gdpr #privacy #dataprotection

Recently, 13 VeraSafe team members from Europe, South Africa, and South Korea gathered for a memorable micro meetup in the picturesque setting of Babylonstoren near Cape Town, South Africa. From collaborative work sessions to exploring the beautiful surroundings, every moment was filled with camaraderie and teamwork. As a 100% remote company, these in-person gatherings are invaluable to our culture. They help bridge the distances between our remote locations and strengthen our bonds as a global team. #TeamMeetup #RemoteWork #GlobalCollaboration 

Some really great panel discussions at Privacy Symposium this week. For example, the one about online direct marketing: Dr. Sachiko Scheuing highlighted how online advertising has democratized the landscape. Small companies now have access to advertising opportunities that were once exclusive to big corporations. She also debunked a common myth—advertisers don't merely track users indiscriminately; they track to personalize ads. Peter Craddock emphasized the strides European AdTech companies have made in compliance, particularly steering clear of sensitive category data, which has become a "no-go" area. He provided an interesting perspective on dark patterns, suggesting that not all are bad and there's a crucial distinction between lawful and unlawful dark patterns. Tobias Judin 🏳️🌈 underscored the necessity of reinstating actual choice for users. He argued for putting humans back in the loop and warned that without improved compliance, legislators might be inspired to curtail online advertising. Luca Bolognini shared innovative ideas to enhance transparency in online advertising, which could empower users to make more informed decisions about their data. Kudos to Elise L. for her skillful chairing of the debate. VeraSafe #PrivacySymposium #OnlineMarketing #AdTech #DataPrivacy #UserChoice #Compliance #Transparency #DataEthics

Greetings from Venice! Danie Strachan and Anastasia Pavlou have been gaining valuable insights, engaging with global privacy professionals, and discussing critical issues in privacy and data protection at the 2024 Privacy Symposium. A special highlight was Danie’s presentation on “When Laws are Inadequate: Enabling Compliant Health Data Transfers Between South Africa and the EU.” Thank you to everyone who joined the discussion! There were also several insightful sessions featuring Garante President Pasquale Stanzione, UK Information Commissioner John Edwards, FTC Commissioner Alvaro Bedoya, CNIL President Ms. Marie-Laure Denis, Head of the Secretariat of the EDPB Ms. Isabelle Vereecken, and many more. #PrivacySymposium #EDPB #CNIL #ICO #FTC

VeraSafe is delighted to welcome Nathalie Conradie to the team as Associate Privacy Counsel. Nathalie brings over six years of legal experience to her role, including a background in corporate and commercial law from a top national firm in South Africa. Her extensive knowledge of data privacy compliance, information and communication technology, and commercial advisory will be a great asset. Please join us in welcoming Nathalie to the team! #NewHire #RemoteWork #VeraSafe

The draft American Privacy Rights Act (APRA) has been released, promising sweeping changes to how we handle data privacy in the U.S. From expanded consent requirements to enhanced consumer rights, this legislation could reshape the landscape for businesses and individuals alike. Joseph C Hansen and Danie Strachan go over the key provisions and takeaways in our latest blog article: https://lnkd.in/gWQTv8sM Stay tuned for further updates on the APRA's progress and its potential impact on your business. #APRA #Privacy #PrivacyLaw #DataProtection 

VeraSafe is delighted to welcome Vlad Buzdugan to the team as our newest Project Manager. Vlad is an Admitted Attorney of the High Court of South Africa and joins us from the vibrant city of Cape Town. He holds both an LLB and an LLM and brings over a decade of experience in technology law. Vlad has represented a wide range of South African and international clients, and we are thrilled to have him join us. Please help us welcome Vlad to the team! #NewHire #RemoteWork #VeraSafe

VeraSafe is thrilled to announce that Danie Strachan will be speaking at the upcoming Privacy Symposium in Venice, Italy on June 10th. Danie will delve into the challenges involved in health data transfers between South Africa and the European Union. Key topics will include: 🔹 The major differences between South Africa’s Protection of Personal Information Act (POPIA) and the EU’s General Data Protection Regulation (GDPR). 🔹 The impact of these differences on the lawful sharing of personal data between South Africa and EU member states. 🔹 The role of Data Transfer Agreements and Data Access Committees in bridging these legal gaps. 🔹 How these tools can ensure compliant and ethical data sharing, fostering scientific progress.    This is a must-attend for anyone involved in health research, clinical trials, and research data management.  With more than 140 sessions, the Privacy Symposium will give the floor to over 300 top-level authorities, international organizations, experts, and practitioners to discuss topics such as artificial intelligence, data protection in practice, privacy economy and finance, health and medical data, privacy enhancing technologies, etc. For more information, visit: https://lnkd.in/eRYbtXjR #PrivacySymposium #DataProtection #Privacy #PrivacyLaw #GDPR #CrossBorderData #POPIA #ClinicalTrials

At VeraSafe, we love to foster collaboration and connection – even when our teams are spread across the globe. That’s why we’re incredibly grateful for the Starlink technology from our client, SpaceX. It recently allowed a small group of our team members to co-work seamlessly at a micro meetup in the stunning landscapes of Zambia! Thanks to Starlink’s portable internet, our team was able to collaborate effectively, share ideas, and build stronger connections – all while experiencing the beauty of Africa. #Starlink #SpaceX #Zambia #MicroMeetup #Collaboration #Innovation 

Exciting news from the EU today. The Council of the European Union has officially approved the AI Act, marking the first global set of rules on artificial intelligence. The landmark legislation will be published in the EU’s Official Journal in the coming days and will enter into force twenty days after publication. 𝐊𝐞𝐲 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲𝐬: ➡️ The AI Act follows a risk-based approach, meaning that the higher the risk of causing harm to society, the stricter the rules. Low-risk AI systems will face minimal transparency requirements, while high-risk AI systems will need to undergo impact assessments and ensure compliance with the law before introducing products to the public. AI systems deemed the most threatening, such as those used for cognitive behavioral manipulation, social scoring, and predictive policing, will be outright banned. ➡️ A new governance architecture will be established, which includes an AI Office, a scientific panel of independent experts, an AI Board with member state representatives, and an advisory forum for stakeholders. ➡️ Fines for AI Act violations are based on a percentage of the company’s global annual turnover or a predetermined amount, whichever is greater. SMEs and start-ups face proportional administrative fines. Read the full press release here: https://lnkd.in/d3933wu8 VeraSafe stands ready to support your organization in understanding and complying with these new regulations. Schedule a free consultation to get started. https://lnkd.in/dPr-b4yY #AIA #ArtificialIntelligence #AIAct #RiskManagement #Compiance #TechRegulation