Tag Archives for "law"

Russian Data Protection Authority Publishes Privacy Policy Guidance

On 31 July, the Russian data protection authority, Roskomnadzor, issued guidance for data operators on the drafting of privacy policies to comply with Russian data protection law. Russia’s 2006 privacy law – Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” (Personal Data Law) – requires, among other things, that Russian data operators must adopt a privacy policy that describes how they process personal data.

Source: Russian Data Protection Authority Publishes Privacy Policy Guidance

Criminal records of employees might be a privacy risk for your business

A decision of the Italian privacy authority on the illegal collection of data on criminal convictions of employees raised the issue of a practice that is quite common. We are running a number of privacy audits on companies that need to get compliant with the General Data Protection Regulation and we can verify that the practice of collecting a police clearance report (in Italian the “casellario giudiziale”) of employees is quite common, regardless of the role to be taken by such employees, just because this is a standard practice adopted with anyone hired by the company and in the absence of a regulatory obligation.

Source: Criminal records of employees might be a privacy risk for your business

Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection

Recently, the fourth edition of the book, The International Comparative Legal Guide to: Data Protection 2017, was published by the Global Legal Group. Hunton & Williams’ Global Privacy and Cybersecurity lawyers prepared several chapters in the guide, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation,” co-authored by London partner Bridget Treacy and associate Anita Bapat.

Source: Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection

Your chance to shape new cyber-security rules

Amid the noise about the introduction of data privacy reforms under Europe’s General Data Protection Regulation, the GDPR, less attention has been paid to the Network and Information Systems Directive. The NIS Directive calls on EU member states to introduce cyber-security requirements for “Operators of Essential Services” (OESs), with a less stringent set of obligations for certain groups of “Digital Services Providers” (DSPs).

Source: Your chance to shape new cyber-security rules

ICO guidance: a good re-SAR-lt for controllers?

Subject access requests (SARs) are viewed either as an essential right or a huge administrative burden, depending on whether you are the requestor or responder. Recent Court of Appeal case law has made the Information Commissioner’s Office (ICO) update its Subject access code of practice.

Source: ICO guidance: a good re-SAR-lt for controllers?

The GDPR in 20 Minutes

In June of this year, I started an internship at the IAPP as the University of Maine School of Law’s inaugural Privacy Fellow. My goal was to spend the summer helping the IAPP’s Data Protection Officer, Rita Heimes, CIPP/US, CIPM, work toward IAPP compliance with the upcoming General Data Protection Regulation (effective May 2018).

Source: The GDPR in 20 Minutes
