
Tag Archives for " EU "

Germany is first EU Country to enact new Data Protection Act to align with the GDPR

On 5 July 2017, almost a year before the General Data Protection Regulation (GDPR) will be applied, the new German Federal Data Protection Act (‘Bundesdatenschutzgesetz’) passed the final stage of the legislative process, the so-called German Data Protection Amendment Act. It has been countersigned by the German Federal President and published in the Federal Law Gazette.

Source: Germany is the first EU Member State to enact new Data Protection Act to align with the GDPR

The case for data-driven GDPR compliance

As we near the May 25, 2018, GDPR enforcement date, companies will promise solutions to meet the GDPR’s detailed and intricate requirements, but only a handful will believe it will never be feasible to deliver on the spirit or letter of the regulation without taking a data-driven approach to compliance.

Source: The case for data-driven GDPR compliance

Belgian DPA publishes recommendation on GDPR record keeping obligation

The Belgian Data Protection Authority has published a recommendation on the records of processing activities. It aims to assist controllers and processors in putting in place the records of processing activities as required by Article 30 of the GDPR.

Source: Belgian DPA publishes recommendation on GDPR record keeping obligation – Privacy, Security and Information Law Fieldfisher

Data protection in Africa: where do we stand one year before GDPR

Albeit essentially a European statute, the new General Data Protection Regulation (GDPR), which will be applicable as of May 25th, 2018, is expected to have much impact in African countries, as its scope will also cover many data controllers and processors established outside of the European Union – namely, all those who process data of individuals located within the EU as part of the selling of goods and services to such individuals or the monitoring thereof.

Source: Data protection in Africa: where do we stand one year before GDPR

Four lessons NHS Trusts can learn from the Royal Free case

The UK’s Information Commissioner’s Office (ICO) announced that the Royal Free London NHS Foundation Trust did not comply with the Data Protection Act when it turned over the sensitive medical data of around 1.6 million patients to Google DeepMind, as part of a clinical safety initiative.

Source: Four lessons NHS Trusts can learn from the Royal Free case | ICO Blog

To tackle Google’s power, regulators have to go after its ownership of data

The problem with regulating technology companies is that, faced with tough new rules, they can eventually innovate their way out, often by switching to newer, unregulated technologies. The risk of targeted regulation informed by little other than economic doctrines might even be fuelling a corporate quest for eternal disruption: instead of surrendering to the regulators, technology firms prefer to abandon their old business model.

Source: To tackle Google’s power, regulators have to go after its ownership of data | Technology | The Guardian

Compensation for Breach of the General Data Protection Regulation

This paper looks at Article 82(1) of the General Data Protection Regulation (GDPR) providing data subjects with rights to compensation for infringement of their rights under GDPR, and compares it with compensation provisions in other EU Regulations and Directives and with the caselaw of the CJEU on those provisions.

Source: Compensation for Breach of the General Data Protection Regulation by Eoin O’Dell :: SSRN

Could Canada lose its adequacy standing?

The world has changed a lot since the European Commission gave Canada its “adequacy” standing in 2001, determining the Personal Information Protection and Electronic Documents Act, commonly known as PIPEDA, properly protects personal data transferred from the EU to Canada.

Source: Could Canada lose its adequacy standing?
