Tag Archives for "controller"

GDPR Conundrums: The GDPR applicability regime – Controllers

The scope provisions of the national GDPR implementation laws wildly differ and will lead to unacceptable accumulation and incompatibility of applicable laws. The applicability regime of the GDPR is creating some tricky issues. The GDPR only provides an applicability regime when it applies, but it does not also provide a regime when the national GDPR implementation laws of individual member states apply.

Source: GDPR Conundrums: The GDPR applicability regime — Part 1: Controllers

Employer liable for disgruntled employee’s deliberate data breach

WM Morrisons Supermarket plc have been held liable to 5,518 of their employees for a deliberate data breach by a rogue employee, Andrew Skelton. Skelton had been employed by Morrisons as a senior IT auditor. In the course of his duties he was required to collate employee data for Morrisons’ external auditors.

Source: Employer liable for disgruntled employee’s deliberate data breach

Expect A Contraction Of The Supply Chain In The Leadup To GDPR

The digital media supply chain is about to get a whole lot smaller thanks to Europe’s General Data Protection Regulation (GDPR). The privacy legislation, which takes effect in May, dictates that data controllers could be held responsible for data privacy missteps made by their third-party partners.

Source: Expect A Contraction Of The Supply Chain In The Leadup To GDPR | AdExchanger

Certification and liability of the data controller

This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria are approved by the competent authority or by the Board.

Source: Certification and liability of the data controller

How to comply with provisions on joint controllers under the GDPR

The concept of joint controllers in EU law, in contrast to a distinction between controllers and processors, has not been seen thus far as particularly controversial nor widely discussed. However, it is now explicitly provisioned by the GDPR that joint controllers are two or more controllers that jointly determine the purposes and means of processing.

Source: How to comply with provisions on joint controllers under the GDPR

What’s wrong with the ICO’s draft guidance on controller-processor contracts?

Controller-processor contracts and liabilities don’t seem destined for any guidance from the Article 29 Working Party, at least according to the WP29’s published work programs/roadmaps to date. However, some national regulators have picked up the baton. On September 13, the U.K. Information Commissioner’s Office issued draft guidance, Contracts and liabilities between controllers and processors.

Source: What’s wrong with the ICO’s draft guidance on controller-processor contracts?
