Tag Archives for "guidance"

ICO publishes guide on children’s privacy and the GDPR

The guidance published by the UK’s Information Commissioner’s Office focuses on the additional, child-specific considerations of privacy. This guidance will help you understand the child-specific considerations you need to think about when deciding on your lawful basis for processing a child’s personal data. It also explains what you need to include in your privacy notices, and what rights children have under the GDPR.

Source: Children and the GDPR | ICO

How to approach DPIAs under the GDPR

The guiding principles of the General Data Protection Regulation stimulate organizations to address the issue of compliance with an approach based on continuous risk assessment, dropping the formal approaches adopted so far.

The most appropriate response to support the profound changes required by the GDPR is the implementation of a privacy management model (PMS, or privacy management system), hopefully integrated with the other business management systems adopted to guarantee the company's compliance with voluntary certification schemes or with mandatory regulations.

Read full article: How to approach DPIAs under the GDPR

How to approach DPIAs under the GDPR

A DPIA consists of a procedure aimed at describing the processing, assessing its necessity and proportionality, and facilitating the management of risks to the rights and freedoms of individuals deriving from the processing of their personal data (through the assessment of these risks and the definition of appropriate measures to address them).

It is important that the risks to the interested parties are identified: not just the impacts of a data breach, but also the intrinsic risks of the processing, which, even if safe and with a low exposure to risks of violations, could violate the privacy of the data subject. It is therefore convenient to extend the analysis to compliance risk and to risks related to the organization, since privacy risks to the interested party usually have associated compliance risks and risks to the organization.

Read full article: How to approach DPIAs under the GDPR

GDPR certifications come into focus with EDPB guidance

Last week, on GDPR Day, as the law finally came into force, the newly minted European Data Protection Board shed some light on these questions and more with newly released guidance on certifying and identifying certification criteria in accordance with Articles 42 and 43 (there are also “codes of conduct” mentioned in the GDPR alongside certifications, but they aren’t addressed in this guidance).

Source: GDPR certifications come into focus with EDPB guidance

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation. The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR).

Source: GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

EDPB outlines how businesses should approach data transfers

The new European Data Protection Board (EDPB) published new guidance intended to help businesses comply with the General Data Protection Regulation (GDPR) when planning to transfer personal data outside of the European Economic Area (EEA).

Although the guidance concerns derogations that apply to the GDPR’s main rules on data transfers, the document provides a useful framework for businesses to follow when considering what they need to have in place for any data transfers they wish to make.

Source: EDPB outlines how businesses should approach data transfers

EDPB Published Guidelines on Certification and Derogations under the GDPR

On May 30, 2018, the European Data Protection Board (“EDPB”), replacing the Article 29 Working Party, published the final version of Guidelines 2/2018 on derogations in the context of international data transfers and draft Guidelines 1/2018 on certification under the EU General Data Protection Regulation (“GDPR”).

Source: EDPB Published Guidelines on Certification and Derogations under the GDPR
