
Tag Archives for " guidance "

CNIL Publishes GDPR Guidance for Data Processors

On September 29, 2017, the French Data Protection Authority (CNIL) published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation (“GDPR”). The guidance addresses the extended scope of the GDPR and the new and direct obligations data processors will have when the GDPR comes into force on May 25, 2018.

Source: CNIL Publishes GDPR Guidance for Data Processors

When is a vendor a processor?

Privacy professionals have been involving themselves in their organizations’ vendor management programs for a few years now. Indeed, according to the 2016 IAPP-EY Privacy Governance Survey, 70 percent of respondents (up from 63 percent in 2015) were involved in a formal vendor management program — and the numbers are just as strong in this year’s upcoming report.

Source: When is a vendor a processor?

International DPAs give guidance on automated and connected vehicles

DPAs from all over the world, convening currently at their 39th International Conference in Hong Kong, adopted yesterday resolutions on data protection in automated and connected vehicles, and collaboration between data protection authorities and consumer protection authorities for better protection of citizens. The third resolution deals with future options for International Enforcement.

Source: International DPAs give guidance on automated and connected vehicles – Privacy Laws & Business

CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

On September 19, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on two topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

A Guide to Common Types of Two-Factor Authentication on the Web

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.

Source: A Guide to Common Types of Two-Factor Authentication on the Web | Electronic Frontier Foundation

ICO GDPR guidance on Contracts and liabilities between controllers and processors

On 1 August we reported on the launch of the International Regulatory Strategy Group’s “Article 28 GDPR ready contractual terms” for use between controllers and processors. The ICO has now launched its draft guidance on this subject.

Source: UK: ICO GDPR guidance – Contracts and liabilities between controllers and processors

What’s New on Surveillance Self-Defense?

Since 2014, our digital security guide, Surveillance Self-Defense (SSD), has taught thousands of Internet users how to protect themselves from surveillance, with practical tutorials and advice on the best tools and expert-approved best practices.

Source: Security Education: What’s New on Surveillance Self-Defense

Demonstrating Responsible Use for Legitimate Interests Is Necessary Now

To address the gap in the practical use of legitimate interests to demonstrate accountability, the IAF has developed a legitimate interests assessment process that supports businesses’ application of the GDPR.

Source: Demonstrating Responsible Use for Legitimate Interests Is Necessary Now | The Information Accountability Foundation – IAF

GDPR: setting the record straight on data breach reporting

Misleading press stories have claimed that all breaches will need to be reported to the Information Commissioner’s Office and customers alike; others say all details of the breach need to be known straight away and some say there’ll be huge fines for failing to report.

Source: GDPR – setting the record straight on data breach reporting | ICO Blog
