It seems that my recent post on Data Protection Officer vacancies not being GDPR compliant within Higher Education has garnered a lot of debate. I wanted to write a post to expand on what is clearly a topic of interest to many.
The EU’s General Data Protection Regulation should not be viewed only as a compliance issue, says Belgium’s minister for privacy.
Many companies have found themselves in an awkward position with respect to compliance with trade sanctions and data protection legislation. Specifically, I’m talking about US trade sanctions, which companies operating in the EU are not generally obligated to comply with under EU or national law. However, the US has set such a wide scope of application for the sanctions that even if a foreign company has only the slightest link to the US, it may find itself subject to the regulations set in the sanctions. A company is typically subject to US sanctions if its parent company is from the US or it has US employees.
The nature of the digital economy is as such that it will force the creation of multi-competent supervisory authorities sooner rather than later. What if the European Data Protection Board would become in the next 10 to 15 years an EU Digital Regulator, looking at matters concerning data protection, consumer protection and competition law, having “personal data” as common thread? This is the vision Giovanni Buttarelli, the European Data Protection Supervisor, laid out last week in a conversation we had at the IAPP Data Protection Congress in Brussels.
The General Data Protection Regulation regulates cross-border processing of personal data. For many organizations, identifying their lead supervisory authority (LSA), the principal EU regulator responsible for enforcement of the GDPR in relation to cross border processing, will be straightforward.
In the first two installments of this series, we described some of the unique characteristics of personal data that problematize efforts to monetize this value-laden asset and then outlined some key steps companies could take to address these challenges. In the third and final installment of this series, we will briefly explore how a new wave of technologies can help companies prepare their data assets.
Source: Your data monetization tool box
The General Data Protection Regulation regulates cross-border processing of personal data. For many organizations, identifying their lead supervisory authority (LSA), the principal EU regulator responsible for enforcement of the GDPR in relation to cross border processing, will be straightforward. For others, with data decision-makers in various parts of the EU or with decision-making power regarding data taken outside of the EU but processing data affecting individuals in multiple Member States, it will not be.
In the Netherlands there are a wide range of insurances, and they generally concern goods, capital or people. In case the insured object is a natural person, for some insurances, the payment depends on the health or death of that person. Examples are life and disability insurance. Part of the acceptance process of the concerning insurer is a health assessment. The professional responsible for the assessment at the insurer is called the medical advisor.
As we previously reported, this October, the EU Commission released its report and accompanying working document on the first annual review of the EU-U.S. Privacy Shield framework. On November 28, 2017, the Article 29 Data Protection Working Party adopted an opinion on the review.
At its 113th plenary meeting held on Nov. 28, 2017, in Brussels, the Article 29 Data Protection Working Party adopted its EU-U.S. Privacy Shield Report , which renders an opinion on the annual review of Privacy Shield recently conducted by the European Commission and the U.S. Department of Commerce.