Free tools and resources for Data Protection Officers!

Tag Archives for " guidance "

Sensitive personal data in HR functions: climbing the ladder of legal bases

The GDPR’s entry into force has forced HR teams across the US and EU to re-evaluate the ways in which they justify the use of personal data relating to their employees, applicants and contractors.

Whilst compliance priorities will vary between businesses, all US headquartered organizations with a presence or personnel in the UK should be particularly mindful of their enhanced obligations to satisfy multiple conditions under both the GDPR and the UK’s new Data Protection Act 2018 (“DPA 2018“) before collecting certain special categories of personal data.

Full article: Sensitive personal data in HR functions: climbing the ladder of legal bases

Privacy International published Data Protection Guide

“Keys to Data Protection” has been developed by Privacy International to help organisations and activists fight for better data protection standards across the globe. The guide provides a framework to analyse most common principles and provisions of (draft) data protection legislations.  

Source: Privacy International published Data Protection Guide

Dutch data watchdog: PSD2 consent must be obtained ‘separately’

Third parties seeking access to payment account information held by banks must distinguish their requests to process customer data distinct from broader requests for acceptance of the terms and conditions of their payment services, the Dutch data protection authority has said.

Full article: Dutch data watchdog: PSD2 consent must be obtained ‘separately’

How to get security right in digital transformation: 10 best practices

As the business world embraces digital transformation, it is simultaneously embracing the power of data and its impact on employees, end users, and customers. However, many organizations are seeking to leverage data without understanding its full implications, putting their company at risk in the process.

Click the link below to read the article to on 10 areas where companies can improve their processes and workflows to boost the security of their organization when undergoing digital transformation.

Full article: How to get security right in digital transformation: 10 best practices – TechRepublic

Some practical advice on data treatment in technology agreements

Technology agreements commonly involve transfer of rights in both intellectual property and data. While IP provisions are typically extensive and heavily negotiated, data has not been receiving the same degree of attention. Many technology agreements contain incomplete or inadequate data provision or no data clauses at all.

Full article: Some practical advice on data treatment in technology agreements

French DPA publishes updates on GDPR

The French Data Protection Authority (CNIL) has been actively providing lots of guidance to companies, both before and after the entry into force of the General Data Protection Regulation (GDPR). Below is a summary of the recent updates that were published on the CNIL’s website on various issues relating to the GDPR.

Full article: CNIL publishes updates on GDPR

Data Protection Authorities Endorse Guidelines on AI

On October 23, 2018, the 40th International Conference of Data Protection and Privacy Commissioners (the “Conference”) released a Declaration on Ethics and Protection in Artificial Intelligence (“the Declaration”). In it, the Conference endorsed several guiding principles as “core values” to protect human rights as the development of artificial intelligence (“AI”) continues apace.

Source: Data Protection Authorities Endorse Guidelines on AI – Fairness, Transparency and Privacy Key Principles

Leading Tech Group Unveils Framework to Advance Consumer Privacy

ITI has released a legislative roadmap that advances the privacy rights of consumers and defines the responsibilities of companies in using personal data while continuing to enable the innovations that transform our lives. The new Framework to Advance Interoperable Rules (FAIR) on Privacy includes specific recommendations that give consumers more control and a clearer understanding about how their personal data is used. It also includes measures to promote security and hold companies accountable to ensure companies use personal data responsibly and transparently.

Full article: Leading Tech Group Unveils Framework to Advance Consumer Privacy – Information Technology Industry Council

CNIL Adopts Referentials on DPO Certification

On October 11, 2018, the French data protection authority (the “CNIL”) announced that it adopted two referentials (i.e. , guidelines) on the certification of the data protection officer (“DPO”). Both referentials are intended to apply to DPOs located in France. They include a certification referential that sets forth the conditions regarding the admissibility of DPO applications, and lists 17 qualifications that the DPO must have in order to be certified as a DPO by a certification body approved by the CNIL; and
an accreditation referential that outlines the criteria organizations must satisfy in order to be accredited by the CNIL as certification bodies.

Source: CNIL Adopts Referentials on DPO Certification

Intel released a paper on Privacy and Artificial Intelligence

During the 40th International Conference of Data Protection and Privacy Commissioners, Intel released a paper on Protecting Individuals’ Privacy and Data in the Artificial Intelligence World. Due to advances in computing power, data collection and analytics, many technologies are able to make autonomous determinations in near-real time – a capability that has implications for privacy. In its paper Intel makes six policy recommendations for privacy in the age of AI.

Source: Rethinking Privacy in the Age of AI – Policy@Intel

>