fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " guidance "

How to comply with provisions on joint controllers under the GDPR

The concept of joint controllers in EU law, in contrast to a distinction between controllers and processors, has not been seen thus far as particularly controversial nor widely discussed. However, it is now explicitly provisioned by the GDPR that joint controllers are two or more controllers that jointly determine the purposes and means of processing.

Source: How to comply with provisions on joint controllers under the GDPR

EU DPAs will issue GDPR draft guidance and analysis of EU-US Privacy Shield soon

The first joint annual review of the Privacy Shield is underway and the European Commission is preparing its report to be issued later this month. Separately, the EU DPAs are also conducting an assessment on how the arrangement is working.

Source: EU DPAs will issue GDPR draft guidance soon and analysis of EU-US Privacy Shield in November – Privacy Laws & Business

What’s wrong with the ICO’s draft guidance on controller-processor contracts?

Controller-processor contracts and liabilities don’t seem destined for any guidance from the Article 29 Working Party, at least according to the WP29’s published work programs/roadmaps to date. However, some national regulators have picked up the baton. On September 13, the U.K. Information Commissioner’s Office issued draft guidance, Contracts and liabilities between controllers and processors.

Source: What’s wrong with the ICO’s draft guidance on controller-processor contracts?

Data Protection and Privacy Commissioners Issue Global Connected Car Guidance

Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars.

Source: Data Protection and Privacy Commissioners Issue Global Connected Car Guidance : : Privacy & Information Security Law Blog

Privacy controls should be developed for users of connected and autonomous vehicles

Users of connected and autonomous vehicles should be able to control who is given access to the data generated by those vehicles, data protection watchdogs from across the globe have said.

Source: Privacy controls should be developed for users of connected and autonomous vehicles, say data watchdogs

New Cybersecurity Guide for Small and Medium Businesses

The Center for Internet Security (CIS) recently published CIS Controls: Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). This guide contains a small sub-set of the CIS Controls specifically selected to help protect SMEs.

Source: New CIS Cybersecurity Guide for Small and Medium Businesses

CNIL Publishes GDPR Guidance for Data Processors

On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation (“GDPR”). The guidance addresses the extended scope of the GDPR and the new and direct obligations data processors will have when the GDPR comes into force on May 25, 2018.

Source: CNIL Publishes GDPR Guidance for Data Processors

When is a vendor a processor?

Privacy professionals have been involving themselves in their organizations’ vendor management programs for a few years now. Indeed, according to the 2016 IAPP-EY Privacy Governance Survey, 70 percent of respondents (up from 63 percent in 2015) were involved in a formal vendor management program — and the numbers are just as strong in this year’s upcoming report.

Source: When is a vendor a processor?

International DPAs give guidance on automated and connected vehicles

DPAs from all over the world, convening currently at their 39th International Conference in Hong Kong, adopted yesterday resolutions on data protection in automated and connected vehicles, and collaboration between data protection authorities and consumer protection authorities for better protection of citizens. The third resolution deals with future options for International Enforcement.

Source: International DPAs give guidance on automated and connected vehicles – Privacy Laws & Business

>