So let’s be clear. Consent is one way to comply with the GDPR, but it’s not the only way.
On August 14, 2017, the Colombian Superintendence of Industry and Commerce (“SIC”) announced that it was adding the United States to its list of nations that provide an adequate level of protection for the transfer of personal information, according to a report from Bloomberg BNA.
Civil libertarians tell Ars they’re worried about “mass surveillance expansion.”
As reported in BNA Privacy & Security Law Report , on August 9, 2017, the Russian privacy regulator, Roskomnadzor, expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia.
A decision of the Italian privacy authority on the illegal collection of data on criminal convictions of employees raised the issue on a practice that is quite common. We are running a number of privacy audit on companies that need to get compliant with the General Data Protection Regulation and we can verify that the practice of collecting a police clearance report (in Italian the “casellario giudiziale “) of employees is quite common, regardless of the role to be taken by such employees, just because this is a standard practice adopted with anyone hired by the company and in absence of a regulatory obligation.
Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection
Recently, the fourth edition of the book, The International Comparative Legal Guide to: Data Protection 2017, was published by the Global Legal Group. Hunton & Williams’ Global Privacy and Cybersecurity lawyers prepared several chapters in the guide, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation,” co-authored by London partner Bridget Treacy and associate Anita Bapat.
On the 7 th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement ) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill ). The Statement anticipates the UK’s departure from the EU and makes it clear that following this, the Bill will transpose the General Data Protection Regulation (the GDPR ) into domestic law, stressing the importance of continued efficiency of data flow between the UK and the EU in a post-Brexit world.
Ireland’s Data Protection Commissioner published guidance on appropriate qualifications for a Data Protection Officers (DPOs) under General Data Protection Regulation (GDPR).
Subject access requests (SARs) are viewed either as an essential right or a huge administrative burden, depending on whether you are the requestor or responder. Recent Court of Appeal case law has made the Information Commissioner’s Office (ICO) update its Subject access code of practice.