Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

Data protection in Africa: where do we stand one year before GDPR

Albeit essentially a European statute, the new General Data Protection Regulation (GDPR), which will be applicable as of May, 25th 2018, is expected to have much impact in African countries, as its scope will also cover many data controllers and processors established outside of the European Union – namely, all those who process data of individuals located within the EU as part of the selling of goods and services to such individuals or the monitoring thereof.

Source: Data protection in Africa: where do we stand one year before GDPR

Compensation for Breach of the General Data Protection Regulation

This paper looks at Article 82(1) of the General Data Protection Regulation (GDPR) providing data subjects with rights to compensation for infringement of their rights under GDPR, and compares it with compensation provisions in other EU Regulations and Directives and with the caselaw of the CJEU on those provisions.

Source: Compensation for Breach of the General Data Protection Regulation by Eoin O’Dell :: SSRN

New Data Protection Enforcement Provisions Take Effect in Russia

On July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law. The law, which was enacted in February 2017, imposes higher fines on businesses and corporate executives accused of data protection violations, such as unlawful processing of personal data, processing personal data without consent, and failure of data controllers to meet data protection requirements.

Source: New Data Protection Enforcement Provisions Take Effect in Russia

Could Canada lose its adequacy standing?

The world has changed a lot since the European Commission gave Canada its “adequacy” standing in 2001, determining the Personal Information Protection and Electronic Documents Act, commonly known as PIPEDA, properly protects personal data transferred from the EU to Canada.

Source: Could Canada lose its adequacy standing?

Let’s sort out this profiling and consent debate once and for all.

In a post last week , I said that “ There’s a perpetuated misconception that all profiling needs consent. It doesn’t, end of. ” Since this seems to have been an area of much confusion under the GDPR, I thought it worth taking the time to elaborate on this point.

Source: Let’s sort out this profiling and consent debate once and for all.

Belgian DPA publishes recommendation on GDPR record keeping obligation

End of last week, the Belgian Data Protection Authority published a recommendation on the records of processing activities. The full text of the Recommendation is available in French and Dutch on the website of the Privacy Commission.

Source: Belgian DPA publishes recommendation on GDPR record keeping obligation

Auto industry must prepare for 2018 data protection changes

The automotive industry must start planning and preparing for the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. The GDPR will affect all retailers and manufacturers who collect, store and process customer data – e.g. for promoting deals, sending MOT or service reminders or selling new products.

Source: Auto industry must prepare for 2018 data protection changes – Car Care Plan

The case of the unsolicited email

Privacy and data protection issues do not present themselves in any particular order, so when starting out as a data protection officer, one has to be able to address the most pressing privacy issues “on the fly” while simultaneously moving methodically through a GDPR-readiness program.

Source: The case of the unsolicited email

>