Free tools and resources for Data Protection Officers!

Tag Archives for " GDPR "

Spain finalises new data protection and digital rights law

A new law on data protection and digital rights has been approved by Spain’s parliament and will come into force in the coming days. The law will complement the General Data Protection Regulation (GDPR).

The new law, the Organic Law on Data Protection and Digital Rights Guarantee (LOPDGDD), was approved by a large majority in the Spanish Senate on 21 November after being nearly two years in development. The Senate did not amend any of the text that was previously approved by the Congress, ending a period of delay in the parliamentary process.

Source: Spain finalises new data protection and digital rights law

New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties

The new Law on Data Protection and Digital Rights (LOPD), recently enacted in Spain, includes a highly controversial provision allowing political parties and organizations to collect and use personal data revealing political views of individuals.

The controversial article was introduced as a last-minute amendment to the bill, which was voted unanimously on October 18 by the House of Representatives (Congreso de los Diputados). By then, the contentious article had largely gone unnoticed by the public opinion. Shortly after that, however, concerns that political parties might get broad leeway to process sensitive personal data were widely reported in the mainstream media. Nonetheless, the Spanish Senate definitively approved the law on November 21 – including the controversial section. The text is expected to be officially published shortly.

Full article: New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties | Center for Internet and Society

Belgian DPA provides first status update after six months of GDPR

The Belgian DPA has released a first status update six months after the GDPR became applicable. Some interesting statistics relate to the number of data breach notifications and complaints received. In the six months ‪since May 25th, the Belgian Data Protection Authority was notified of 317 data breaches (compared to last year when only 13 breaches were notified).

Full article: BELGIUM: Belgian DPA provides first status update after six months of GDPR

Christmas spirit triumphs over GDPR in Germany

A German town managed to revive a children’s Christmas tradition after European data protection laws very nearly scrapped it.

In previous years up to 4,000 wishes to Father Christmas were placed on a tree at a Christmas market in the southern town of Roth and the city council would then attempt to fulfill those wishes, which included the names and addresses of the children who wrote them.

But the popular activity had to stop in 2016 because of Germany’s data privacy legislation and GDPR, as legislation requires parents of minors have to provide consent to the use of their kids’ data.

Local radio station Antenne Bayern found a solution by creating a wish list, which included a parental consent disclaimer, which can be printed from their website and put in the wishing box at the Christmas market.

Source: Christmas spirit triumphs over GDPR in German town of Roth – CNN

Irish watchdog clarifies record keeping and DPIAs interaction under GDPR

Ireland’s data protection authority has clarified how record keeping obligations under the General Data Protection Authority (GDPR) interact with the duties of businesses to carry out data protection impact assessments (DPIAs).

Full article: GDPR: Irish watchdog clarifies record keeping and DPIAs interaction

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

How a small French privacy ruling could remake adtech for good

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Full article: How a small French privacy ruling could remake adtech for good | TechCrunch

MEPs call for business GDPR ‘guarantee’ on using blockchain

Businesses should not begin using blockchain technology to process personal data until they can “guarantee compliance” with EU data protection laws, a committee of MEPs has said.

The Committee on Civil Liberties, Justice and Home Affairs (LIBE) said that businesses using blockchain must, in particular, be able to respect the rights of data subjects under the General Data Protection Regulation (GDPR) to the rectification and erasure of their data.

Full article: MEPs call for business GDPR ‘guarantee’ on using blockchain

First German data protection authority issues GDPR fine

The State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) was the first German data protection authority to impose a fine under the GDPR. The fine of € 20,000 sanctions the violation by a social media company of its obligation to ensure data security of processing of personal data pursuant to Art. 32 (1) (a) GDPR (obligation to pseudonymise and encrypt personal data).

Full article: Germany: First data protection authority issues GDPR fine

>