Guidelines on data breach notification

On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01. Regulation 2016/679, the so-called General Data Protection Regulation (GDPR), introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]

WP29’s plenary meeting: final guidelines on DPIA and opening for comments on data breach notification and profiling

At its plenary meeting held in October 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). WP29 approved the final version of the DPIA guidelines (Guidelines on Data Protection Impact Assessment) after having examined the comments received during the public consultation which ended […]

DPIA (Data Protection Impact Assessment) in the GDPR – Guidelines, “blacklists” and whitelists

The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account, among others, “the risks of varying likelihood and severity for the rights and freedoms of natural persons” (article 24 (1)). In line with the risk-based approach embodied by the GDPR, carrying out a […]

EDPS Guidelines on controller, processor, and joint controllers: an overview

On November 7, 2019, the European Data Protection Supervisor (EDPS) [i] issued the Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725 (“Guidelines”). As a background, Regulation (EU) 2018/1725[ii] (“Regulation”) applies to the processing of personal data by the Union institutions, bodies, offices and agencies. The Guidelines aim at providing […]

Guidelines on Transparency under Regulation 2016/679 (wp260rev.01)

The guidelines on Transparency under Regulation 2016/679 provide practical guidance and interpretative assistance from the Article 29 Working Party (WP29) on the new obligation of transparency concerning the processing of personal data under the General Data Protection Regulation (GDPR). Transparency is an overarching obligation under the GDPR applying to three central areas: (1) the provision […]

List of GDPR Guidelines prepared by WP29

Finalised GDPR Guidelines – Guidelines on Data Protection Officers (DPO), more here; – Guidelines on the right to data portability, more here; – Guidelines for identifying a controller or processor’s Lead Supervisory Authority, more here; – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”, […]

WP29’s plenary meeting: final guidelines on breach notification and profiling

At its plenary meeting held in February 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted the final version of its guidelines on data breach notification and guidelines on automated individual decision-making and profiling. Moreover, the plenary […]

WP29 published criteria for appropriate administrative fines in GDPR’s breach

As announced (see here), on October 3, 2017, the Article 29 Working Party (WP29) published its Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR). Once a GDPR infringement is established, the competent supervisory authority (Article 51 GDPR) must identify the most appropriate corrective measure(s) to address the […]

US law firms – especially immigration lawyers – dealing with EU data subjects shall be mindful of future privacy changes

In May 2018, Regulation (EU) 2016/679, on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (General Data Protection Regulation, in short “GDPR”), will enter into force. The good thing is that starting from that date, the EU will […]
