It seems that my recent post on Data Protection Officer vacancies not being GDPR compliant within Higher Education has garnered a lot of debate. I wanted to write a post to expand on what is clearly a topic of interest to many.
The digital media supply chain is about to get a whole lot smaller thanks to Europe’s General Data Protection Regulation (GDPR). The privacy legislation, which takes effect in May, dictates that data controllers could be held responsible for data privacy missteps made by their third-party partners.
As the Estonian Presidency of the Council of the European Union wraps up this month, it put forward a new draft of the pending ePrivacy Regulation, which was considered at the Council’s WP TELE meeting held Dec. 11. While it is a new consolidated draft, with many deviations from the initial Commission draft throughout, the new pieces for consideration in this draft are limited to articles 6 through 8, which concern the legitimate bases for processing electronic communications and metadata, plus rules around the retention, storage, and deletion of user data. The stated purpose of this most recent meeting was to consider these modifications to articles 6 through 8 and then begin discussion of Article 10, which regards the provision of privacy settings in apps and communications software.
This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria are approved by the competent authority or by the Board.
Recently, the EU’s Article 29 Working Party (“Working Party”) held a plenary meeting to discuss, among other things, the implementation of the EU General Data Protection Regulation (“GDPR”) and the EU-U.S. Privacy Shield. As well as adopting its first Joint Annual Review Report on the Privacy Shield, the Working Party has been working on a number of documents that offer review and/or guidance on the GDPR.
The EU’s General Data Protection Regulation should not be viewed only as a compliance issue, says Belgium’s minister for privacy.
The European Commission is gearing up to propose a so-called adequacy decision with Japan to allow the free flow of data between Japan and the EU – possibly as early as January or February 2018. To assess how ready Tokyo is to meet the demands of the EU’s data protection regime, the European Parliament’s civil liberties, justice and home affairs (LIBE) committee sent a delegation to Japan from October 30 to November 3.
The UK’s data protection watchdog has raised concerns that proposed new UK laws threaten its ability to operate independently of the government.
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the CSA Code of Conduct for GDPR Compliance, which provides cloud service providers (CSPs), cloud customers, and potential customers with much-needed guidance in order to comply with the new obligations stemming from the European General Data Protection Regulation (GDPR). As part of this release, the CSA has also launched the CSA GDPR Resource Center, a new, community-driven website with tools and resources to help educate cloud service providers and enterprises on the new European data protection regulation.