fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

The French Data Protection Authority Announces Stricter Enforcement

On April 15, 2019, the French Data Protection Authority (CNIL) published its 2018 activity report and announced its 2019 enforcement agenda.

The CNIL’s message is clear: if some leniency was tolerated in 2018, this transitional period for GDPR enforcement is now over. Going forward, the CNIL will adopt a stricter approach when investigating companies’ GDPR compliance and make full use of its enforcement powers, including the power to fine.

Source: The French Data Protection Authority Announces Stricter Enforcement

ICO Blog Post on AI and Solely Automated Decision-Making

The ICO has published a blog post on the role of “meaningful” human reviews in AI systems to prevent them from being categorised as “solely automated decision-making” under Article 22 of the GDPR.

That Article imposes strict conditions on making decisions with legal or similarly significant effects based on personal data where there is no human input, or where there is limited human input (e.g. a decision is merely “rubber-stamped”).

Source: ICO Blog Post on AI and Solely Automated Decision-Making

EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

On April 12, 2019, the European Data Protection Board (EDPB) published draft guidelines 2/2019 on the processing of personal data in the context of the provision of online services to data subjects.

The Guidelines discuss how the “contract” legal basis applies in the context of online services or “information society services,” defined as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

Source: EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

GDPR at a critical stage, says information commissioner

The ICO is calling on data protection officials to help kick off the next phase of the GDPR by embedding sound data governance at its annual conference.

Information Commissioner Elizabeth Denham said the GDRP enshrines in law an onus on companies to understand the risks that they create for others with their data processing, and to mitigate those risks. It also formalises the move away from box ticking to seeing data protection as something that is part of the cultural and business fabric of an organisation, and it reflects that people increasingly demand to be shown how their data is being used, and how it is being looked after, she added.

Source: GDPR at a critical stage, says information commissioner

EDPB seeks comments on its Guidelines on the processing of personal data for online services 

The European Data Protection Board welcomes comments on the Guidelines 2/2019 on on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects. Such comments should be sent to EDPB by 24/05/2019 at the latest.

More infoemation: Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects | European Data Protection Board

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches.

It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available under U.S. laws.

Full article: Deeper Dive: GDPR a Game-Changer for Data Breach Notification

European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”).

The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on the same topic.

Full article: European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

Privacy UX: Better Cookie Consent Experiences

With the advent of the EU General Data Protection Regulation (GDPR) in May 2018, the web has turned into a vast exhibition of consent pop-ups, notifications, toolbars, and modals.

While the intent of most cookie-related prompts is the same — to get a user’s consent to keep collecting and evaluating their behavior the same ol’ way they’ve been doing for years — implementations differ significantly, often making it ridiculously difficult or simply impossible for customers to opt out from tracking.

Full article: Privacy UX: Better Cookie Consent Experiences

EU to check for GDPR violations in Microsoft’s contracts with EU institutions

The European Data Protection Supervisor (EDPS), the European Union’s data protection watchdog, has started an investigation into Microsoft’s contracts with EU institutions.

The investigation will focus on the contracts EU institutions have signed with Microsoft and if clauses in these contracts comply with the EU’s new data protection regulation -also known as the General Data Protection Rules (GDPR).

Source: EU to check for GDPR violations in Microsoft’s contracts with EU institutions | ZDNet

Franch DPA Issues Standard Regulation For Biometric Systems In The Workplace

CNIL has adopted on 10 January 2019, further to a sectorial consultation with public bodies and private organisations, its first standard regulation that lays down legally binding rules applicable to data controllers subject to French Law, who use biometric systems to control access to premises, devices and applications at work.

The Regulation prescribes specific requirements for the processing, by a public or private employer, of biometric data to control accesses to work premises, to information systems or applications used in the context of business tasks entrusted to data subjects (i.e., employees, agents, interns and contractors).

Given the particular sensitivity of biometric data, the Regulation sets out stringent obligations to data controllers regarding the conditions of processing of such biometric data in the workplace.

Full article: France: The First Cnil Standard Regulation For Biometric Systems In The Workplace

1 2 3 108
>