Tag Archives for "EDPB"

What’s subject to a DPIA under the GDPR?

Under the European Data Protection Regulation, data protection impact assessments are required when data processing is “likely to result in a high risk to the rights and freedoms of natural persons.” Exactly what “high risk” entails, however, has been a difficult question to answer.

The supervisory authorities of 22 Member States submitted draft lists to the European Data Protection Board identifying data processing activities likely to result in a high risk and therefore requiring DPIAs. The EDPB subsequently issued opinions on each of these lists.

Source: What’s subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities

EDPB dealing with 162 cross border cases but no fines issued as yet

The European Data Protection Board (EDPB) now has 162 cross-border cases on its case register that are under investigation. Some 18,000 breach notifications have been received by the 25 EU DPAs which have issued their statistics, and 15 One Stop Shop procedures have been started at the Board. In addition, there have been 233 procedures relating to Mutual Assistance between the DPAs.

Source: EDPB dealing with 162 cross border cases but no fines issued as yet – Privacy Laws & Business

EDPB Adopts Opinions on National DPIA Lists in the EU

The European Data Protection Board (“EDPB”) recently published 22 Opinions on the draft lists of Supervisory Authorities (“SAs”) in EU Member States regarding which processing operations are subject to the requirement of conducting a data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (“GDPR”).

Full article: EDPB Adopts Opinions on National DPIA Lists in the EU

EDPB: ICO too strict on data protection impact assessments

The opinion, issued by the European Data Protection Board (EDPB), differs from guidance the UK’s Information Commissioner’s Office (ICO) has issued on DPIAs. Businesses planning to process biometric, genetic or location data do not automatically have to carry out a data protection impact assessment (DPIA) first to comply with the General Data Protection Regulation (GDPR), an EU privacy watchdog has said.

The ICO is not bound to update its guidance in light of the EDPB’s opinion, but must justify its reasons for not doing so if “it does not intend to follow this opinion, in whole or in part”, the EDPB said.

Source: EDPB: ICO too strict on data protection impact assessments

EDPB adopts letter regarding the PSD2 Directive

The European Data Protection Board (EDPB) adopted a letter on behalf of the EDPB Chair addressed to Sophie in’t Veld MEP regarding the revised Payments Services Directive (PSD2 Directive). In its reply to Sophie in’t Veld the EDPB sheds further light on ‘silent party data’ by Third Party Providers, the procedures with regard to giving and withdrawing consent, the Regulatory Technical Standards, the cooperation between banks and the European Commission, EDPS and WP29 and what remains to be done to close any remaining data protection gaps.

Source: Letter regarding the PSD2 Directive – European Data Protection Board

‘Legitimate interest’ may permit processing of ‘silent party data’ under PSD2

Businesses in the payment services market do not necessarily need the consent of ‘silent parties’ to process their personal data when providing payment initiation or account information services to their customers, the European Data Protection Board (EDPB) has said.

Source: ‘Legitimate interest’ may permit processing of ‘silent party data’ under PSD2

European Data Protection Board issues update after second plenary meeting

The newly minted European Data Protection Board provided an update after it held its second plenary meeting July 4 and 5 about a slate of pressing data protection topics. Top of mind for the EDPB is the state of play of its consistency and cooperation mechanisms now that the General Data Protection Regulation (GDPR) is in effect. The EDPB discussed its experiences so far with the one-stop-shop mechanism, the performance of the Internal Market Information System (an IT platform that facilitates exchanges on cross-border issues) as well as compliance questions the EDPB has received since the GDPR’s enactment.

Source: European Data Protection Board issues update after second plenary meeting

DPAs: Full steam ahead at the European Data Protection Board

The GDPR’s cooperation and consistency mechanism will now be put to a test at the European Data Protection Board (EDPB) which is already dealing with more than 20 cross-border cases. DPAs will try to reach the goal of consistent application of the GDPR by issuing opinions and by dispute resolution.

The EDPB will issue binding decisions on cases brought to it but it can also proactively examine issues. While it can take decisions by a two-thirds majority, a procedure needs to be found for situations when a national authority prefers not to accept the EDPB’s decision.

Source: DPAs: Full steam ahead at the European Data Protection Board – Privacy Laws & Business

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance
