Tag Archives for "guidance"

How to approach DPIAs under the GDPR

A DPIA consists of a procedure aimed at describing the treatment, assessing its necessity and proportionality, and facilitating the management of risks for the rights and freedoms of individuals deriving from the processing of their personal data (through the assessment of these risks and the definition of appropriate measures to address them).

It is important that the risks to the interested parties are identified (not just the data breach impacts, but also considering the intrinsic risks of the processing which, even if safe and with a low exposure to risks of violations, could violate the privacy of the data subject). Therefore it is convenient to extend the analysis to compliance risk and risks related to the organization, since the privacy risks towards the interested party usually have associated risks of compliance and towards the organization.

Read full article: How to approach DPIAs under the GDPR

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation. The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR).

Source: GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

EDPB outlines how businesses should approach data transfers

The new European Data Protection Board (EDPB) published new guidance intended to help businesses comply with the General Data Protection Regulation (GDPR) when planning to transfer personal data outside of the European Economic Area (EEA).

Although the guidance concerns derogations that apply to the GDPR’s main rules on data transfers, the document provides a useful framework for businesses to follow when considering what they need to have in place for any data transfers they wish to make.

Source: EDPB outlines how businesses should approach data transfers

EDPB Published Guidelines on Certification and Derogations under the GDPR

On May 30, 2018, the European Data Protection Board (“EDPB”), replacing the Article 29 Working Party, published the final version of Guidelines 2/2018 on derogations in the context of international data transfers and draft Guidelines 1/2018 on certification under the EU General Data Protection Regulation (“GDPR”).

Source: EDPB Published Guidelines on Certification and Derogations under the GDPR

An Employee’s Right of Erasure Under the GDPR

GDPR introduces the concept of a “right of erasure” i.e. a ‘right to be forgotten’. Although the concept currently exists under EU law, it is currently applicable under very limited circumstances, when data processing may result in damage or distress.

Under the GDPR, pursuant to Article 17 and Recital 65, an employee will have a right to have his/her data erased and no longer processed, where consent to processing is withdrawn, where the employee objects to such processing, or where processing is no longer necessary for the purpose for which it was gathered. That said, the employer, under certain circumstances, can refuse to comply with an employee’s request for erasure of personal data – where data processing is required by law or in connection with a legal proceeding.

Source: An Employee’s Right of Erasure Under the GDPR | Workplace Privacy, Data Management & Security Report

CNIL issues guidelines to companies for GDPR compliance

The General Data Protection Regulation (GDPR) will come into effect on May 25th, and companies are expected to start implementing measures for compliance with the new data protection rules. In this context, the French data protection authority (CNIL) has recently published guidelines exposing its strategy on how it expects companies to comply with the GDPR.

Source: CNIL issues guidelines to companies for GDPR compliance

Italy adopted GDPR law. What to do?

The Italian privacy law integrating the GDPR has been finalized by the Board of Ministers, unveiling unexpected surprises a few days before the 25th of May 2018. The Italian Board of Ministers issued the final text of the legislative decree integrating the EU General Data Protection Regulation.

Source: Italy: Privacy law integrating the GDPR adopted, what to do?
