Tag Archives for "opinion"

Will Bulgaria get ePrivacy done in time?

Earlier this month the current Bulgarian Presidency of the European Council sent out a progress report on the draft ePrivacy regulation, and the question on everyone’s lips was whether there would be a general approach before Bulgaria gives up the presidency at the end of June.

Read full article: Will Bulgaria get ePrivacy done in time? Doesn’t look good

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage

The California Consumer Privacy Act of 2018 is not at all like the GDPR

There seems to be a rise in fearmongering about the next big potential privacy legislation on the horizon after GDPR – the California Consumer Privacy Act of 2018. Consultants, bloggers, and, sadly, some well-respected law firms, have hyped the initiative as “very similar to the GDPR,” and a “sweeping, GDPR-like privacy regime.”

However, the California Consumer Privacy Act of 2018 is not like GDPR. The Act is not an “act” at all – it is an initiative that may appear on the ballot in California during the November elections. And while the ballot initiative proposes some interesting, and arguably misguided, privacy requirements, few of those requirements have any analog within the GDPR. Furthermore, equating the California initiative to the GDPR masks its real aim, purpose, and danger.

Read full article: Bryan Cave – Stop the hype! The California Consumer Privacy Act of 2018 is not at all like the GDPR

GDPR implementation bills: The election problem

It is by now no secret that a lot of EU countries won’t have implementing acts ready in time for the introduction of the General Data Protection Regulation this week. While this is unlikely to be the end of the world for most companies — the GDPR doesn’t need to be transposed into member states’ national laws to apply — it does create a level of confusion where the new regulation clashes with still-active national implementations of the old EU Data Protection Directive.

Read full article: GDPR implementation bills: The election problem

Protecting Customers’ Privacy Requires More than Anonymizing Their Data

The promised benefits of data-driven marketing are at grave risk unless businesses can do a better job of protecting against unwanted data disclosures. The current approach of controlling access to the data or removing personally identifiable information does not control the risk of disclosure adequately.

Other approaches, such as aggregation, lead to severe degradation of information. It’s time for businesses to consider using statistical approaches to convert the original data to synthetic data so they remain valuable for data-driven marketing, yet adequately protected.

Source: Protecting Customers’ Privacy Requires More than Anonymizing Their Data

What role can internal auditors play in GDPR compliance?

As a function that has a holistic view of the organization, internal audit plays a role in evaluating the organization’s GDPR compliance. By taking up the role of a strategic partner of the data protection officer, internal auditors can help to guide the company strategy, raise awareness, assess the potential risks, identify gaps, and test the remediated procedures.

Read more: What role can internal auditors play in GDPR compliance?

GDPR harmonization: Reality or myth?

One primary goal in the EU’s enactment of the General Data Protection Regulation was to “harmonize,” or bring into conformity with each other, the data protection laws of the 28 EU member states.

Harmonization was also one of the main purposes for enacting the EU Data Protection Directive, which served as the source of EU data protection law prior to the GDPR. The EU decided that one major way to enhance harmonization through the new law was to enact it in the form of a regulation, rather than another directive. But scrutiny of the resulting regulation suggests that it may well not achieve the desired harmonization.

Source: GDPR harmonization: Reality or myth?

Croatian GDPR implementation law — main features and unanswered questions

The law regulates the supervisory authority’s composition, authorities and principles of work, as well as specificities related to administrative fines and to the proceedings in front of the supervisory authority and administrative courts.

It also provides some specific provisions related to the processing of genetic and biometric data, video surveillance, children’s data and processing for statistical purposes. However, the current law does not provide for specific provisions related to data protection officers. Also, there is no longer a provision that data made available to the public by the data subject in itself represents a lawful basis for processing.

Read full article: Croatian GDPR implementation law — main features and unanswered questions

GDPR lacks clarity and threatens transatlantic trade

A lack of clarity around how new EU data protection laws apply poses a threat to EU-US trade, the US secretary of commerce has said.

“GDPR creates serious, unclear legal obligations for both private and public sector entities, including the US government. We do not have a clear understanding of what is required to comply. That could disrupt transatlantic co-operation on financial regulation, medical research, emergency management co-ordination, and important commerce,” he said.

Source: GDPR lacks clarity and threatens transatlantic trade, says Ross
