Tag Archives for "GDPR"

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Full article: Association of German Supervisory Authorities issues paper on broad consent for research

European Commission Releases Study on GDPR Data Protection Certification Mechanisms

The European Commission has published a final report, “Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679”.

The overall aim of the study is to support the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Articles 42 and 43 GDPR.

More specifically, the purpose of the assignment is to: i) accompany the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Art. 42 and 43 GDPR and ii) collect all relevant information for the Commission in view of the possible implementation of Art. 43(8) GDPR on the requirements for the data protection certification mechanisms and of Article 43(9) GDPR on the technical standards for certification mechanisms and data protection seals and marks, and for mechanisms to promote and recognise those certification mechanisms, seals and marks.

Read report: Data Protection Certification Mechanisms: Study on Articles 42 and 43 of the Regulation (EU) 2016/679

GDPR: 10 Months down the road

The European Data Protection Board (the “EDPB”) recently published an overview on GDPR’s implementation since its enforcement last May, and the roles of national supervisory authorities in this regard.

As of today, almost all Member States have implemented and enforced the GDPR in their national laws. The only remaining exceptions are the Czech Republic, Greece, Slovenia and Portugal.

PrivacyPerfect have summarised and examined some of the items we consider key to the success of GDPR.

Full article: GDPR: 10 Months down the road | PrivacyPerfect blog

Senators say US needs its own GDPR

An investigation into the Equifax data breach has condemned the company’s poor security standards and urged politicians in the States to look to the GDPR’s example to minimise chances of a similar breach taking place in future.

The 67-page report, which was put together by the US Senate, proposes that organisational mismanagement of personally identifiable data should be punished by law, as happens under the GDPR.

Source: Senators say US needs its own GDPR

ICO: businesses falling short on GDPR accountability

Businesses are falling short of meeting the General Data Protection Regulation’s (GDPR’s) accountability requirements, the UK’s information commissioner has said.

Elizabeth Denham highlighted the issue in a speech at the 2019 Data Protection Practitioners’ Conference on Monday.

Source: ICO: businesses falling short on GDPR accountability

Czech Republic adopts new Data Protection law

The Czech Republic adopted, on 12 March 2019, legislation that brings the GDPR’s provisions into national law.

The new Act now needs to be signed by the President. After that, it will enter into force on the day of its publication in the Legal Gazette.

Source: Czech Republic adopts new DP law to follow GDPR – Privacy Laws & Business

Recap: EDPB’s first-year review of GDPR

Last month, the European Data Protection Board released its first overview of the implementation and enforcement of the General Data Protection Regulation and the roles and means of the national supervisory authorities.

The report indicates that the GDPR cooperation and consistency mechanisms are working quite well in practice due to the EDPB and national supervisory authorities’ ongoing efforts to facilitate collaboration and communication.

Full article: Recap: EDPB’s first-year review of GDPR

Mind the overlap between GDPR and ePrivacy

Organisations need to be aware of the overlaps between European data protection and privacy rules, and which takes precedence, a privacy lawyer warns.

Understanding the interplay between the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) is more difficult than most organisations realise, according to Eduardo Ustaran, partner and global co-head of the privacy and cyber security practice at law firm Hogan Lovells.

Full article: Mind the overlap between GDPR and ePD, warns privacy lawyer

Denmark Recommends First Fine Under New EU Privacy Law

Denmark’s Data Protection Authority (DPA) has recommended fining a taxi company 1.2 million kroner ($180,000) for not deleting customers’ telephone numbers, the first Danish penalty imposed under Europe’s strict 2018 privacy rules.

The fine demonstrates that it’s not enough for companies doing business in Denmark to delete people’s names and addresses to satisfy the requirements of the European Union’s General Data Protection Regulation. They must delete all information, including telephone numbers, to avoid potentially high fines.

Source: Denmark Recommends First Fine Under New EU Privacy Law
