Latest news with #EUGeneralDataProtectionRegulation

Kuwait Times
2 days ago
- Politics
- Kuwait Times
EU GDPR should merely be a guiding framework for Kuwaiti legal system
By Noura Almutairi
Since May 25, 2018, the EU General Data Protection Regulation (GDPR) has been applied across all EU member states, establishing a global benchmark. Several countries, including South Korea, Brazil, Japan, Kenya, Egypt, Indonesia and the US State of California, have enacted data privacy laws aligned with the GDPR. Unlike the EU Data Protection Directive (DPD), the GDPR aims to enhance control over personal information to safeguard fundamental rights, especially the individual's right to data protection.
The right to protect personal information is distinct from the right to privacy under the European Convention on Human Rights and Fundamental Freedoms (ECHR). The values underlying the regulation and protection of the former right are transparency, autonomy, fairness, dignity and non-discrimination. These are different from the values of reputation and honor, which underpin the individual's right to privacy in Kuwaiti society.
Nonetheless, this article urges Kuwaiti lawmakers to be guided by the GDPR, as the individual's right to privacy is one of the values underpinning the protection of their personal information under the GDPR. Some of an individual's personal information, as defined under Article 4 of the GDPR, is linked to their right to privacy, for example, their photo. In addition, most of the individual's sensitive or private information, as outlined in Article 9 of the GDPR, is linked to the individual's right to privacy or a private life under the Kuwaiti legal system. Examples of such information include genetic data and health data. Even the process of collecting an individual's non-sensitive or private information can be used to reveal hidden private data about them. To illustrate how this point is relevant to the GDPR, it applies to private companies (as data controllers) that monitor individuals' online behavior and activities through their online identifiers or observed data, such as IP addresses, cookies and location data.
A massive amount of 'dynamic personal information' is collected through such observed data and can then be analyzed predictively or using AI, which may infer private information about the Internet. As such, the GDPR protects the individual's right to privacy. However, this article suggests that Kuwaiti decision-makers should be guided by the GDPR, rather than merely copying it, when drafting a comprehensive Data Privacy Law. The GDPR has legal loopholes and vague provisions, and it does not entirely suit Kuwait, for the reasons explained below.
Firstly, the meaning of 'personal information', which determines the material scope of the Data Privacy Law, should be interpreted broadly to cover an exponentially growing range of situations. This article finds that identifiability is the core element required to consider data or information as personal information under the definition in Article 4 of the GDPR. Therefore, the GDPR does not cover anonymous information within its scope; however, the re-identification of an individual's data may still occur. Re-identification of an individual's data can be easily achieved, for example, through the Internet of Things (IoT), such as wearable devices like a Fitbit or an Apple Watch; the combined data, including location information, can distinguish one person from millions of others. Therefore, this article recommends that when Kuwaiti decision-makers draft a Data Privacy Law, they should broaden the definition of personal data to include not only identifiability but also the ability to single out an individual from a crowd, regardless of whether their identity can be confirmed. Although Recital 26 of the GDPR explicitly mentions 'single out,' there is no clear indication of whether singling out an individual without identifying them is covered under the GDPR's scope.
The GDPR also does not clarify whether inferred data falls within the scope of personal information, and the European Court of Justice's approach is inconsistent. To emphasize this point, the judgment in the case YS, M and S v Minister voor Immigratie, Integratie en Asiel clearly excludes inference data from the safeguards of Data Protection Law, while a later judgement of the case Peter Nowak v Data Protection Commissioner in 2017 attributes the status of 'personal data' to inferences. However, in the former case, the Court was clear that GDPR does not grant all rights for inference data. As such, this article recommends including inferred data within the protection or material scope, since these types of data contain hidden private information.
Secondly, Article 8 (1) of the GDPR states that the processing of minors' data (those under the age of 16, or if the law of the Union Member State sets a lower age, but not younger than 13) must be authorized by the holder of parental responsibility. This article argues that the decision maker in Kuwait, instead of ignoring this requirement, should consider the following questions before implementing the parental consent requirement under Article 8 (1):
- Whether the age setting under Article 8(1) accurately reflects the concept of childhood, culture, social heritage, and the Kuwaiti legal system;
- Should the requirement for parental consent apply to all online service providers, or should online services that are offered directly to children be excluded? If so, what are the indicators that an online service is offered directly to children?
- How can it be ensured that parents give verification in cases where a parent is no longer responsible for their child, or when parents are deceased?
Thirdly, the digital privacy rights are the legal mechanisms that put an individual in a position of control over their personal information, thereby safeguarding the individual's right to privacy.
However, not all the rights that regulate users under the GDPR are necessary to put Internet users in control of their data, to safeguard their right to privacy from the challenges posed in the digital age. To illustrate this point, the right to data portability, as outlined in Article 20 of the GDPR, empowers individuals to take control of their data by allowing them to retrieve it from one service and transfer it to another. Although it offers individual control, it is not rooted in the right to privacy; rather, it stems from competition laws. The right to data portability aims to foster competition among private companies, serving a primarily economic purpose to enhance the market, which is one of the main objectives of the GDPR. Therefore, this article does not recommend that Kuwaiti lawmakers recognize data portability as a new right within a Data Privacy Law, as it is not directly related to the right to privacy. Also, some rights under the GDPR are redundant, as they can be exercised through other rights. For instance, the right to restriction of processing under Article 18 of the GDPR is an alternative or optional right that an individual can exercise in place of other rights in some legal cases. As an alternative right, whether this right is regulated or guaranteed is less critical, since another right takes its place. To emphasize this point, if an individual's consent is not valid, instead of requesting erasure, they may request a restriction on processing. As such, this article emphasizes that there is no need to set the right to restriction of processing, except in cases where the individual requires that right for the establishment, exercise or defense of legal claims against a company for breach of their right to privacy by misuse of their private data, in which case the plaintiff can request restriction of processing through an immediate injunction under the KCC. 
NOTE: Noura Almutairi is an Assistant Professor at Kuwait University School of Law, Private Law Department, with research interests in the right to privacy, AI, the tort liability of tech companies and IP law.
Yahoo
28-05-2025
- Business
- Yahoo
Smartsheet Unveils Smartsheet Regions Australia
Australia-hosted instance of Smartsheet strengthens company's presence in APJ and supports customers' data privacy compliance requirements
BELLEVUE, Wash. & SYDNEY, May 27, 2025--(BUSINESS WIRE)--Smartsheet, the AI-powered, enterprise-grade work management platform, today unveiled Smartsheet Regions Australia, a new data residency option that empowers customers to control data hosting and supports compliance with local privacy laws such as the Australian Privacy Act and EU General Data Protection Regulation (GDPR). This new instance, Smartsheet's fourth globally, is hosted in Sydney, with backup infrastructure located in Melbourne, ensuring all customer and partner data remains within the country.
"This investment in a new Smartsheet Regions Australia underscores our dedication to the APJ region and the local data residency needs of our Australian and APJ customers," said Helen Masters, managing director, APJ, Smartsheet. "This Australia-hosted instance of Smartsheet will support both new and existing customers and partners, giving users access to enterprise-grade work management technology so they comply with regional privacy and governance requirements, such as the Australian Privacy Act."
Combined with the platform's best-in-class, enterprise-grade security and governance measures, Smartsheet is well-equipped to serve a growing customer base, including organizations and agencies with the most stringent governance and regulatory requirements. Smartsheet supports compliance frameworks across numerous regulated industries and standards, including ISO, FedRAMP, HIPAA, DOD IL4, ITAR and more. The company is pursuing the Infosec Registered Assessors Program (IRAP) certification for the APJ region, ensuring it meets the Australian Government Information Security Manual requirements with robust policies and security controls.
"Leveraging Smartsheet for advanced work management has already delivered significant time savings and enhanced regulatory compliance across our institution, a testament to our position as a leading Australian public research university," said Bruce Northcote, Chief Security Officer, University of Adelaide. "As we move towards merging with the University of South Australia to establish a combined Adelaide University, the availability of Smartsheet Australian data hosting is crucial. This will facilitate substantial new adoption within the new institution, safeguarding Australian data sovereignty."
"We are thrilled to welcome the arrival of Smartsheet data residency in Australia, a testament to their commitment to Australian customers," said Jason Frost, Executive General Manager - Data & Integration, Atturra. "This development allows us to expand our services to clients with stringent regulatory requirements, ensuring their data remains securely onshore. Our APJ customers can now access best-in-class work management technology while supporting compliance with local regulations."
Smartsheet Regions
Customers have control over where their content is hosted through Smartsheet Regions, which offers data residency options to support compliance with privacy and governance requirements. Such requirements are prevalent for customers operating in regulated industries like finance, government, or healthcare; Smartsheet Regions empower them to meet these obligations. Smartsheet hosts customer-uploaded data, images, files, and other content within the customer's chosen data region. This ensures data residency for customer content in that specific region. Smartsheet Regions instances are available in the EU, U.S. and now Australia. Smartsheet also offers Smartsheet Gov, for government customers needing enhanced security and compliance.
About Smartsheet
Smartsheet is an AI-powered, enterprise-grade modern work management platform trusted by companies across the globe, including more than 85% of the Fortune 500. The category pioneer and market leader, Smartsheet delivers powerful solutions fueling performance and driving the next wave of innovation. Visit to learn more.
Contacts
Media Contact
Lisa Henthorn
pr@
Yahoo
14-05-2025
- Business
- Yahoo
Master Risk-Based Computer System Validation to Cut Implementation Time - 2 Day Online Course (August 6-7, 2025)
Join this interactive two-day course to master cost-effective computer system validation. Learn the 10-step risk-based approach to cut compliance costs by two-thirds while meeting Part 11 and Annex 11 requirements. Ideal for healthcare and biopharma professionals, ensure data security and regulatory readiness today!
Dublin, May 14, 2025 (GLOBE NEWSWIRE) -- The "Risk-based Computer System Validation; Reduce Costs and Avoid 483s (ONLINE EVENT: August 6-7, 2025)" has been added to offering.
This highly interactive two-day course uses real life examples and explores proven techniques for reducing costs, usually by two-thirds, associated with implementing, and maintaining computer systems in regulated environments.
Course Features
It details the requirements for Part 11 and Annex 11: SOPs, software product features, infrastructure qualification, and validation. The instructor addresses the latest computer system industry standards for data security, data transfer, audit trails, electronic records and signatures, software validation, and computer system validation. Understand the specific requirements associated with local and SaaS/cloud hosting solutions. Nearly every computerized system used in laboratory, clinical, manufacturing settings and in the quality process has to be validated. Participants learn how to decrease software implementation times and lower costs using a 10-step risk-based approach to computer system validation. The instructor reviews recent FDA inspection trends and discusses how to streamline document authoring, revision, review, and approval. Participants will learn how to write a Data Privacy Statement to comply with the EU General Data Protection Regulation (GDPR). This course benefits anyone that uses computer systems to perform their job functions and is ideal for professionals working in the health care, clinical trial, biopharmaceutical, and medical device sectors.
It is essential for software vendors, auditors, and quality staff involved in GxP applications.
Learning Objectives
- Reduce costs, usually by two-thirds, for compliance with electronic records
- Learn how to use electronic records and electronic signatures to maximize productivity
- Understand what is expected in Part 11 and Annex 11 inspections so you are prepared
- Avoid 483 and Warning Letters
- Understand the responsibilities and specific duties of your staff including IT and QA
- Understand your responsibilities and liabilities when using SaaS/cloud
- Learn how to perform risk-based Computer System Validation using fill-in-the-blank templates
- How to select resources and manage validation projects
- "Right size" change control methods that allows quick and safe system evolution
- Minimize validation documentation to reduce costs without increasing regulatory or business risk
- Learn how to reduce testing time and write test cases that trace to elements of risk management
- Learn how to comply with the requirements for data privacy
- Learn how to buy COTS software and qualify vendors
- Protect intellectual property and keep electronic records safe
Who Should Attend:
- GMP, GCP, GLP, regulatory professionals
- QA/QC
- IT
- Auditors
- Managers and directors
- Software vendors, SaaS hosting provider
Agenda:
DAY 1
Introduction to the FDA (01:30 hr)
- How the regulations help your company to be successful
- Which data and systems are subject to Part 11.
21 CFR Part 11/Annex 11 - Compliance for Electronic Records and Signatures (3:30 hr)
- What Part 11 means to you, not just what it says in the regulations
- Avoid 483 and Warning Letters
- Explore the four primary areas of Part 11 compliance: SOPs, software product features, infrastructure qualification, and validation documentation
- How SaaS/cloud computing changes qualification and validation
- Ensure data integrity, security, and protect intellectual property
- Understand the current computer system industry standards for security, data transfer, and audit trails
- Electronic signatures, digital pens, and biometric signatures
- SOPs required for the IT infrastructure
- Product features to look for when purchasing COTS software
- Reduce validation resources by using easy to understand fill-in-the-blank validation documents.
The Five Keys to COTS Computer System Validation (30 Min)
- The Who, What, Where, When, and Why of CSV
The Validation Team (30 Min)
- How to select team members
- How to facilitate a validation project
Ten-Step Process for COTS Risk-Based Computer System Validation (30 Min) continued on day 2
DAY 2
Software demonstrations and discussions (30 Min)
Ten-Step Process for COTS Risk-Based Computer System Validation (30 Min)
- Learn which documents the FDA expects to audit.
- How to use the risk-based validation approach to lower costs.
- How to link requirements, specifications, risk management, and testing.
- Document a computer system validation project using easy to understand fill-in-the-blank templates.
- Based on: "Risk-Based Software Validation - Ten Easy Steps" (Davis Horwood International and PDA).
How to Write Requirements and Specifications (30 Min)
- Workshop for writing requirements and then expanding them for specifications
How to Conduct a Hazard Analysis/Risk Assessment-Exercise (30 Min)
- Step-by-step instructions for performing and documenting a risk assessment, and how to use the results to reduce validation documentation.
Software Testing (30 min)
- Reduce testing by writing test cases that trace to elements of risk management.
- How to write efficient test cases
How to write a Data Privacy Statement (30 Min)
- How to meet the requirements of the EU GDPR
Purchasing COTS Software (30 Min)
- How to purchase COTS software and evaluate software vendors
Cost Reduction Without Increasing Regulatory or Business Risk (45 min)
- How to save money
- How to increase quality
- How to increase compliance with less documentation
For more information about this course visit
About is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.
CONTACT: Laura Wood, Senior Press Manager press@
For E.S.T Office Hours Call 1-917-300-0470
For U.S./ CAN Toll Free Call 1-800-526-8630
For GMT Office Hours Call +353-1-416-8900


Belfast Telegraph
02-05-2025
- Business
- Belfast Telegraph
TikTok fined £452m by EU authorities over data transfers to China
The Irish Data Protection Commission (DPC) said the social media company had breached the EU General Data Protection Regulation (GDPR) by failing to ensure that user data would get equal levels of protection when transferred elsewhere, and was issuing the fine as the firm's lead supervisory authority in the EU.