Explore the vast range of titles available.

New quality that has been delivered by the provisions of General Data Protection Regulation (GDPR) (EU) 2016/679 is intended to secure a higher level of safety for personal data processing operations. The following elaboration was produced as an attempt to address the questions regarding practical methods of implementation for the indispensable mechanism of GDPR compliance. The guidelines contained in the article are supposed to be helpful in enhancing the safety level for processed personal data. Theoretical and legal studies over the status and functioning of the valid legislation with reference to the practical application of personal data processing procedures have been applied in the article. The main sources of knowledge included valid legal acts, opinions from Article 29 Working Party, technical norms as well as available general knowledge. The outcomes of the said studies indicated the complexity of the issue and established the necessity to continue further studies in practical implementation methods, such as the national and European mechanism of certification or sector codes of good practices.

Data protection, an important aspect of the right to privacy, ensures that information about people is used fairly and properly. Among the regulatory measures that have been adopted to safeguard personal data is the requirement that individuals affected by a data breach be informed promptly, enabling them to act quickly and effectively to protect themselves from harm. At the same time, the existence of a duty to notify individuals affected by a data breach incentivises data users to adopt robust measures against data breaches. Many jurisdictions adopt a mandatory data breach notification system; this article examines the two leading notification models, the United States and EU models. It takes Hong Kong as a case study where there is only a voluntary system of notifying the Privacy Commissioner of any data breach in certain specified circumstances. It evaluates the operation of Hong Kong's voluntary notification system and examines the current moves towards adopting a mandatory notification system. It examines justifications for mandatory notification and how the notification mechanism works and concludes that mandatory notification is an indispensable element of an effective regulatory system.

This article focuses on state privacy, security, and data breach regulation of mobile-app mediated health research, concentrating in particular on research studies conducted or participated in by independent scientists, citizen scientists, and patient researchers. Prior scholarship addressing these issues tends to focus on the lack of application of the HIPAA Privacy and Security Rules and other sources of federal regulation. One article, however, mentions state law as a possible source of privacy and security protections for individuals in the particular context of mobile app-mediated health research. This Article builds on this prior scholarship by: (1) assessing state data protection statutes that are potentially applicable to mobile app-mediated health researchers; and (2) suggesting statutory amendments that could better protect the privacy and security of mobile health research data. As discussed in more detail below, all fifty states and the District of Columbia have potentially applicable data breach notification statutes that require the notification of data subjects of certain informational breaches in certain contexts. In addition, more than two-thirds of jurisdictions have potentially applicable data security statutes and almost one-third of jurisdictions have potentially applicable data privacy statutes. Because all jurisdictions have data breach notification statutes, these statutes will be assessed first.