
Tag Archives for "guidance"

EDPB releases information note in the event of a “No-deal Brexit”

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for their “Binding Corporate Rules” (“BCRs”).

Source: EDPB releases information note in the event of a “No-deal Brexit”

Unsolicited marketing: the right approach for e-billing in light of GDPR

In a recent study by consumer body Which?, several major retailers were potentially at risk for violations of data protection regulations by sending marketing content to customers via e-receipts – the same customers who specifically requested not to be contacted for promotional offerings.

It comes as no surprise that retailers are determined to deploy such a high engagement tactic, but it does not take a GDPR expert to work out that turning transactional communications into a marketing opportunity requires thorough understanding of the rules about what can and cannot be done.

Full article: Unsolicited marketing: the right approach for e-billing in light of GDPR – GDPR.Report

Spain: Guide on cyber incidents establishes a “one-stop notification system”

The Government of Spain announced, on 23 January 2019, that it had issued a guide on the notification and management of cyber incidents (‘the Guide’), according to the requirements of Royal Decree-Law 12/2018, of September 7, on the Security of Network and Information Systems.

In particular, the Guide creates a framework for the notification of incidents relating to the security of network and information systems by operators of essential services based on a series of impact criteria, as well as a management scheme on the same.

Source: Spain: Guide on cyber incidents establishes a “one-stop notification system”

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). The Opinion addresses the appropriate legal basis for the processing of personal data in the context of clinical trials (primary use), and the secondary use of clinical trial data.

Source: EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

The Polish Ministry of Digital Affairs recently issued an EU General Data Protection Regulation guidebook addressed to financial technology companies.

This is the third brochure published by the MDA’s Personal Data Protection Working Group this year, following one pertaining specifically to the health care sector and another one aimed generally toward entrepreneurs.

Source: Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data protection among them.

Full article: “No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

Davos develops drone regulation how-to for governments

At its annual meeting in Davos, Switzerland, the World Economic Forum launched what it’s calling the Advanced Drone Operator’s Toolkit.

While that may sound like a development package for drone nerds, it’s actually a set of guidelines, recommendations, and lessons-learned for governments looking to roll out commercial drone operations.

Source: Davos develops drone regulation how-to for governments (and the FAA should pay attention) | ZDNet

CoE publishes guidelines on AI

The Committee of the Council of Europe’s data protection treaty “Convention 108” has published Guidelines on Artificial Intelligence and Data Protection.

The guidelines aim to assist policy makers, artificial intelligence (AI) developers, manufacturers and service providers in ensuring that AI applications do not undermine the right to data protection.

Brexit – A Data Protection Action Plan

The proposed withdrawal agreement would have preserved the status quo in data protection terms, at least until the end of the transition period in December 2020.

However, if the UK leaves the EU without a deal, the implications for international data flows and privacy compliance generally will be severe. Therefore, British pragmatism demands an urgent and thorough approach to preparing for the eventuality of a no-deal Brexit.

Full article: Brexit – A Data Protection Action Plan
