
Tag Archives for "guidance"

GDPR Brexit flowchart

This week has brought further uncertainty on the route to Brexit. The planned vote in the UK Parliament on the Withdrawal Agreement – intended to establish an orderly transition period for the UK to withdraw from the EU between 30 March 2019 and 31 December 2020 – has been postponed, leaving considerable uncertainty as to next steps, including the prospect of a ‘hard’ departure on 30 March 2019 with ‘no deal’ in place.

DLA Piper have produced a GDPR Brexit flowchart which maps out the key data protection impacts for each of the political routes that may now follow, showing the likely timelines and implications of both the ‘deal’ and ‘no-deal’ scenarios, which we hope will be a useful tool in contingency planning through these uncertain and difficult times.

Full article: UK: GDPR Brexit flowchart

‘Sandbox’ advice could inform GDPR codes of conduct

Trade associations could develop codes of conduct to help businesses comply with the General Data Protection Regulation (GDPR) through a new ‘regulatory sandbox’ being set up by the Information Commissioner’s Office (ICO), the UK watchdog has said.

The precise framework for sandbox participation has still to be set, but the data protection authority gave guidance on how it might work in its response paper.

Source: ‘Sandbox’ advice could inform GDPR codes of conduct, says ICO

ICO advises companies on how to prepare for a possible no-deal Brexit

The ICO recommends steps that companies could take now to start preparing for data protection compliance if the UK leaves the EU on 29 March 2019 without a deal.

If the UK is currently your organisation’s lead supervisory authority, you should review the structure of your European operations to assess whether you will continue to be able to have a lead authority and benefit from the One-Stop-Shop, the ICO says.

Source: ICO advises companies on how to prepare for a possible no-deal Brexit – Privacy Laws & Business

Recommendations on processing data in the cloud

A recent report published by Ireland’s data protection watchdog provides a helpful reminder to businesses to take additional steps to secure personal information when processing it in the cloud, avoid the common pitfalls associated with technology-related data breaches and take advantage of cloud solutions securely.

According to the report, the majority of the technology-related breaches resulted from a data controller’s use of cloud-based environments hosted by third party cloud service providers.

Full article: Recommendations on processing data in the cloud

How to Tell If Your Partner is Spying on Your Phone

“Stalkerware” apps let abusers monitor their partner’s phones and track their locations—without them knowing.

Here are some things to know about how Stalkerware works and questions to ask yourself if you think someone may be tracking you.

Full article: How to Tell If Your Partner is Spying on Your Phone – Motherboard

7 tips for CXOs to combat cybersecurity risks

This year alone saw more than 600 data breaches, yet only 25% of organizations are planning to defend against attacks, according to Deloitte. And only 25% of organizations are scenario-planning to defend against such attacks. The article provides seven tips to avoid and combat cybersecurity risks in 2019 and beyond.

Source: 7 tips for CXOs to combat cybersecurity risks in 2019 and beyond – TechRepublic

EDPB’s common sense approach to the GDPR’s territorial scope

EDPB has produced a detailed 23-page document that is both authoritative and full of common sense.

The guidelines start by treading into well-known territory: the “establishment criterion.” Following a principle that already existed under the 1995 Data Protection Directive, the GDPR will apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU. So the EDPB relies on existing case law to consolidate its opinion on this criterion.

Full article: EDPB’s common sense approach to the GDPR’s territorial scope

Germany proposes router security guidelines

The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.

Once approved, router manufacturers don’t have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance.

Full article: Germany proposes router security guidelines | ZDNet

Does the EDPB answer frequently asked questions on territorial scope?

The European Data Protection Board (EDPB, the successor to the Article 29 Working Party) has issued guidelines (for consultation) on one of the key foundation elements of the General Data Protection Regulation (GDPR); namely, Article 3 on territorial scope.

Article 3 is supposed to answer the important questions of when GDPR applies (depending on the location of an entity processing personal data, or of the individuals whose data is being processed). Unfortunately, Article 3 was drafted in a way that left many key concerns unanswered.

Source: Does the EDPB answer frequently asked questions on territorial scope?

Data watchdogs seek ‘added value’ in GDPR cloud codes

A revised version of the EU Cloud Code of Conduct was published earlier this month. It is the latest version of a code of conduct developed by the cloud computing industry and has been put forward as helping cloud service providers to meet their obligations under the General Data Protection Regulation (GDPR).

However, the code will only be truly relied upon to show effective GDPR compliance if it is approved by data protection authorities. To date, none of the other codes the cloud industry has developed have had that approval.

Full article: Data watchdogs seek ‘added value’ in GDPR cloud codes
