Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

EU Parliament publishes study on Blockchain and GDPR

In recent times, there has been much discussion in policy circles, academia and the private sector regarding the tension between blockchains and the European Union’s General Data Protection Regulation (‘GDPR’).

Whereas, the GDPR is based on an underlying assumption that in relation to each personal data point there is at least one the data controller, blockchains make the allocation of responsibility and accountability burdensome.

Further, although the GDPR is based on the assumption that data can be modified or erased where necessary to comply with legal requirements, blockchains, however, render the unilateral modification of data purposefully onerous in order to ensure data integrity and to increase trust in the network.

Source: Blockchain and the General Data Protection Regulation – Think Tank

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

ICO Launches Public Consultation on New Data Sharing Code of Practice

On July 16, 2019, the UK’s Information Commissioner’s Office (ICO) released a new draft Data sharing code of practice, which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.

The draft Code focuses on the sharing of personal data between controllers, with a section referring to other ICO guidance on engaging processors. The draft Code reiterates a number of legal requirements from the GDPR and DPA, while also including good practice recommendations to encourage compliance.

Source: ICO Launches Public Consultation on New Data Sharing Code of Practice

Publishers v. Privacy: Registration Is Coming

The introduction of ad blocking, browser-level advertising and browser-blocking of tracking and cookies should have heralded the beginning of more anonymous browsing.

Instead, these innovations may lead to more user registration and tracking, albeit in a potentially more consent-based manner. Publishers will soon be waging a greater battle with privacy to build a sustainable ad-supported business, writes, Ka Mo Lau, COO of Thunder Experience Cloud.

Full article: Publishers v. Privacy – Registration Is Coming | MarTech Advisor

European Commission refers Greece and Spain to Court

The European Commission decided to refer Greece and Spain to the Court of Justice of the EU for failing to transpose the EU rules on personal data protection (the Data Protection Law Enforcement Directive, Directive (EU) 2016/680).

In April 2016, the Council and the European Parliament agreed the Directive had to be transposed into national law by 6 May 2018.

Source: Data protection: Commission refers Greece and Spain to Court

First company to fail GDPR compliance shares tips

Location data company Teemo was the first to get busted for failing to comply under GDPR guidelines, but it was also the first to become compliant. Now, Teemo CEO shares tips for U.S. companies that are wondering where to start.

Full article: First company to fail GDPR compliance shares tips on prepping for US privacy regs | AdAge

EU working group to harmonize sanctions

Sweden is entering as one of the chairmen of the EU working group to work for harmonization of sanctions according to the Data Protection Regulation, GDPR.

The guidelines for harmonized penalties within the EU are expected to be completed next year. The national inspection guidelines will be revised when the common EU guidelines have been adopted.

Source: The Data Inspectorate leads the EU working group on sanctions – the Data Inspectorate

ICO opens consultation on the draft data sharing code of practice

The updated draft code of practice will explain and advise on changes to data protection legislation where these changes are relevant to data sharing. It will address many aspects of the new legislation including transparency, lawful bases for processing, the new accountability principle and the requirement to record processing activities.

The updated draft code is now out for public consultation and will remain open until Monday 9 September 2019.

You can respond to the consultation via our online survey, or you can download the document below and email datasharingcode@ico.org.uk.

Source: ICO consultation on the draft data sharing code of practice | ICO

Whistleblower data breach reports almost triple after GDPR crackdown

Whistleblower reports over data breaches have almost tripled over the past year since the introduction of GDPR.

Reports from whistleblowers over data protection surged by 175% to 379 in the year to May 2019, from 138 a year earlier, according to research from City law firm RPC.

The firm said that the introduction GDPR in May 2018 has made people more vigilant over the handling of personal data, increasing the number of reports to the Information Commissioner’s Office (ICO).

Source: Whistleblower data breach reports almost triple after GDPR crackdown

1 2 3 115