
Free tools and resources for Data Protection Officers!

Tag Archives for "guidance"

European Commission Releases Final Ethics Guidelines for Trustworthy AI

On April 8, 2019, the European Commission's High-Level Expert Group on Artificial Intelligence (the “HLEG”) released the final version of its Ethics Guidelines for Trustworthy AI.

The Guidelines’ release follows a public consultation process in which the HLEG received over 500 comments on its initial draft version. The Guidelines outline a framework for achieving trustworthy AI and offer guidance on two of its fundamental components: (1) that AI should be ethical and (2) that it should be robust, both from a technical and societal perspective. The Guidelines intend to go beyond a list of principles and operationalize the requirements to realize trustworthy AI.

Source: European Commission Releases Final Ethics Guidelines for Trustworthy AI

Council of Europe issues recommendation on health-related data

On March 28, 2019, the Council of Europe issued a new Recommendation on the protection of health-related data.

The Recommendation calls on all Council of Europe member states to take steps to ensure that the principles for processing health-related data (in both the public and private sector) set out in the Appendix of the Recommendation are reflected in their law and practice.

Source: Council of Europe issues recommendation on health-related data

How to achieve digital governance?

Digital governance is corporate oversight of technologies that use personal or sensitive information, make autonomous decisions or exercise human-like responsibilities. The concept addresses disruptive technologies including artificial intelligence (AI), connected devices (IoT, cars, ubiquitous sensors, etc), and machine learning.

To establish digital governance programmes, companies must:

  1. first structure themselves accordingly,
  2. have a full picture of what they are doing,
  3. create an organisational culture that values fair digital practices.

Full article: Data Protection & Cybersecurity 2019 | Global Practice Guides | Chambers and Partners

Europe introduces IoT Cybersecurity standard

ETSI, the European Telecommunications Standards Institute, released a new cybersecurity standard for consumer Internet of Things devices in February 2019 (TS 103 645). These rules are intended to apply to consumer devices that are connected to network infrastructures.

The standard describes thirteen recommendations to realise the goal of ensuring safer IoT devices and to bridge the safety gap. The standard is not mandatory and remains a good practice document.

Source: Europe – Keeping your connected devices secure: Europe introduces IoT Cybersecurity standard

The 4 Ps of leveraging data privacy for enhanced investment

Recent research shows over half (55 percent) of M&A professionals have had deals fall through due to concerns over GDPR and target firms’ data practices, and 66 percent of those M&A professionals believe GDPR will increase acquirers’ scrutiny of data protection policies and processes of target firms.

Just as financial information and cyber risk have long required organizations to employ accountants and cybersecurity professionals to conduct frequent audits and implement proactive monitoring, data privacy now requires its own level of organizational data diligence. This includes the appointment of personnel such as data protection officers (DPOs) to serve as advocates for the large volumes of consumer and employee data that companies collect, store and manage.

Given today’s ever-evolving data privacy realities, companies should abide by the four “Ps” rule to show suitors that their company is a safe bet:

  • Policy,
  • People,
  • Process,
  • Product.

Full article: The 4 Ps of leveraging data privacy for enhanced investment | TechRadar

How to report a data breach under GDPR

Data breach notification requirements are now mandatory and time-sensitive under GDPR.

While the details of what an organization needs to report in the event of a breach are defined within the legislation, when to report a data breach and which authority to report the incident to are not as clear.

Read full article: How to report a data breach under GDPR

EDPB clarifies the interaction between the GDPR and ePrivacy Directive

The European Data Protection Board (EDPB) met for its eighth plenary session on 12 and 13 March 2019. At the session, the EDPB adopted:

During the session, the EDPS also adopted:

Belgian DPA Publishes Updated List of Processing Activities Requiring DPIA

The Belgian Data Protection Authority recently published (in French and in Dutch) the updated list of the types of processing activities which require a data protection impact assessment (“DPIA”).

Article 35(4) of the EU General Data Protection Regulation (“GDPR”) obligates supervisory authorities to establish a list of the processing operations that require a DPIA and transmit it to the European Data Protection Board (the “EDPB”).

The Belgian DPA asserts that this list is neither exhaustive nor final and could be modified in the future.

Source: Belgian DPA Publishes Updated List of Processing Activities Requiring DPIA

EDPS Guidelines on assessing the proportionality of measures that limit privacy

The European Data Protection Supervisor (EDPS) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data.

The EDPS aims to assist EU institutions and bodies in ensuring that any limitation of the fundamental right to the protection of personal data complies with the requirements of EU primary law.

Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines. The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu

Access draft guidelines
