Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

EDPB’s common sense approach to the GDPR’s territorial scope

EDPB has produced a detailed 23-page document that is both authoritative and full of common sense.

The guidelines start by treading into well-known territory: the “establishment criterion.” Following a principle that already existed under the 1995 Data Protection Directive, the GDPR will apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU. So the EDPB relies on existing case law to consolidate its opinion on this criterion.

Full article: EDPB’s common sense approach to the GDPR’s territorial scope

Dispatch from Brussels: GDPR enforcement, guidance to come in 2019

During her interview with IAPP Chief Knowledge Officer Omer Tene, Dixon said major GDPR-related fines will not come down the pike in 2018, but it’s safe to expect some fines in 2019. This notion was foreshadowed earlier in the day by the EDPB’s Jelinek during her keynote address.

Notably, both Jelinek and Dixon said no cross-border cases have been escalated to the EDPB. But that doesn’t mean enforcement is far away.

Full article: Dispatch from Brussels: GDPR enforcement, guidance to come in 2019

Data ethics and the rise of the “PEGs”

European data protection law has always been infused with ethical considerations around data use. Under the old Data Protection Directive, even if data use had a valid legal ground, unless the proposed use was also fair the law was still broken. But what is fairness when it comes to data?

Full article: Data ethics and the rise of the “PEGs”

Germany’s first fine under the GDPR offers enforcement insights

On Nov. 21 , the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) imposed the first fine under the GDPR in Germany – on a social media company for a violation of its data security obligations.

This is not the first GDPR-related fine in Europe which has become publicly known: the Austrian DPA imposed a €4,800 fine for illegal video surveillance activities, and a €400,000 fine was imposed in Portugal on a hospital after staff members illicitly accessed patient data. However, the current example from Germany provides further insights into how DPAs intend to use their new, heightened fining powers under GDPR.

Full article: Germany’s first fine under the GDPR offers enforcement insights

Does the EDPB answer frequently asked questions on territorial scope?

The European Data Protection Board (EDPB , the successor to the Article 29 Working Party) has issued guidelines (for consultation) on one of the key foundation elements of the General Data Protection Regulation ( GDPR ); namely, Article 3 on territorial scope.

Article 3 is supposed to answer the important questions of when GDPR applies (depending on the location of an entity processing personal data, or of the individuals whose data is being processed). Unfortunately, Article 3 was drafted in a way that left many key concerns unanswered.

Source: Does the EDPB answer frequently asked questions on territorial scope?

Data watchdogs seek ‘added value’ in GDPR cloud codes

A revised version of the EU Cloud Code of Conduct was published earlier this month. It is the latest version of a code of conduct developed by the cloud computing industry and has been put forward as helping cloud service providers to meet their obligations under the General Data Protection Regulation (GDPR).

However, the code will only be truly relied upon to show effective GDPR compliance if it is approved by data protection authorities. To-date, none of the other codes the cloud industry has developed have had that approval.

Full article: Data watchdogs seek ‘added value’ in GDPR cloud codes

GDPR vs. CCPA

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the California Consumer Privacy Act of 2018 (‘CCPA’) both aim to guarantee strong protection for individuals regarding their personal data and apply to businesses that collect, use, or share consumer data, whether the information was obtained online or offline.

As highlighted by the Guide, the two laws bear similarity in relation to their definition of certain terminology; the establishment of additional protections for individuals under 16 years of age; and the inclusion of rights to access personal information.

Full article: FPF and DataGuidance Comparison Guide: GDPR vs. CCPA

GDPR territorial guide has ‘sting in tail’ for US companies

Guidance published by an EU data protection watchdog on the territorial scope of the General Data Protection Regulation (GDPR) is likely to raise concern about the costs to US companies of entering the EU market.

“The sting in this document is in the last line for US corporates,” Ann Henry of Pinsent Masons said. “It is the law-abiding companies that will appoint a representative. Arguably making a representative liable will make it more difficult to find people or bodies willing to take on the role of representative given the extent of potential liability both by means of regulatory enforcement and through private rights of action under the GDPR regime.”

Full article: GDPR territorial guide has ‘sting in tail’ for US companies

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or loca­tion data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organi­sations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

1 2 3 93
>