Tag Archives for "guidance"

The four scenarios of Data Protection and a no deal Brexit

With Brexit talks still up in the air, Data Protection People look at the several scenarios that could play out for data protection professionals in the UK. Hard Brexit: The Outsourced DPO has been looking at the impact of a hard Brexit for some of his clients – what a roller coaster ride that is.

Full article: The four scenarios of Data Protection and a no deal Brexit

UK government gives advice to online businesses in case of no-deal Brexit

The UK government has issued guidance for online businesses and service providers on how to operate in the European Economic Area (EEA) should the UK leave the EU at the end of March with no withdrawal agreement.

The guidance covers activities governed by the EU’s e-Commerce Directive, including online retail, social media, search engines, video sharing sites, and internet service providers.

Full article: UK government gives advice to online businesses in case of no-deal Brexit

Irish Data Protection Advisory Releases Guidance on Data Consequences following ‘No Deal Brexit’

Guidance on what should happen with transfers of personal data to and from the United Kingdom, including Northern Ireland, following a possible ‘no deal’ Brexit has been published by the Irish Data Protection Commission (DPC).

The organisation warned that Irish and Irish-based companies that manage private personal data will be required to ensure that data transferred to the UK is transferred lawfully following a possible March 29 date for the UK leaving the European Union. From that date, in the event of no exit deal being agreed, the UK must be treated as any other non-EU State and would not enjoy the free movement of data that it currently does.

Full article: Irish Data Protection Advisory Releases Guidance on Data Consequences following ‘No Deal Brexit’ – Compliance Junction

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

Full article: CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Argentina DPA Issues Guidelines on Binding Corporate Rules

The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) (“AAIP”) has approved a set of guidelines for binding corporate rules (“BCRs”), a mechanism that multinational companies may use in cross-border data transfers to affiliates in countries with inadequate data protection regimes under the AAIP.

Full article: Argentina DPA Issues Guidelines on Binding Corporate Rules

ICO updates data protection impact assessment guide

The revised guidance, published by the Information Commissioner’s Office (ICO), contains changes in response to recommendations issued by an EU-wide data protection watchdog.

In October, the European Data Protection Board (EDPB) called on the ICO to update its DPIA guidance after finding the ICO had been too strict with some of its examples of when DPIAs need to be conducted.

Full article: ICO updates data protection impact assessment guide

New Guidance on GDPR Data Processing Contracts Published by the UK ICO

The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a previously released primer published by the ICO, which set out key points along with helpful checklists.

The new guidance discusses (1) when a contract is needed and why, (2) specifically what terms need to be included in the contract, (3) the responsibilities and liabilities of controllers when using a processor, and (4) the responsibilities and liabilities of processors.

Full article: New Guidance on GDPR Data Processing Contracts Published by the UK ICO

GDPR Brexit flowchart

This week has brought further uncertainty on the route to Brexit. The planned vote in the UK Parliament on the Withdrawal Agreement – intended to establish an orderly transition period for the UK to withdraw from the EU between 30 March 2019 and 31 December 2020 – has been postponed, leaving considerable uncertainty as to next steps, including the prospect of a ‘hard’ departure on 30 March 2019 with ‘no deal’ in place.

DLA Piper have produced a GDPR Brexit flowchart which maps out the key data protection impacts for each of the political routes that may now follow, showing the likely timelines and implications of both the ‘deal’ and ‘no-deal’ scenarios, which we hope will be a useful tool in contingency planning through these uncertain and difficult times.

Full article: UK: GDPR Brexit flowchart

‘Sandbox’ advice could inform GDPR codes of conduct

Trade associations could develop codes of conduct to help businesses comply with the General Data Protection Regulation (GDPR) through a new ‘regulatory sandbox’ being set up by the Information Commissioner’s Office (ICO), the UK watchdog has said.

The precise framework for sandbox participation has still to be set, but the data protection authority gave guidance on how it might work in its response paper.

Source: ‘Sandbox’ advice could inform GDPR codes of conduct, says ICO

ICO advises companies on how to prepare for a possible no-deal Brexit

The ICO recommends steps that companies could take now to start preparing for data protection compliance if the UK leaves the EU on 29 March 2019 without a deal.

If the UK is currently your organisation’s lead supervisory authority, you should review the structure of your European operations to assess whether you will continue to be able to have a lead authority and benefit from the One-Stop-Shop, the ICO says.

Source: ICO advises companies on how to prepare for a possible no-deal Brexit – Privacy Laws & Business
