Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available at here.   The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]

Tags: ,

WP29’s revised guidelines on the right to “data portability”

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on the right to “data portability”, wp242rev.01 (Revised Guidelines), substituting the Guidelines on the right to “data portability” (Guidelines). Data portability […]

Tags: ,

WP29 publishes revised guidelines on identifying a data controller’s lead supervisory authority

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on The Lead Supervisory Authority, wp244rev.01 (Revised Guidelines), which contain several differences compared to the Guidelines on identifying a data controller’s lead supervisory authority (Guidelines) previously published. […]

Tags: ,

WP29 issues guidelines aiming at GDPR implementation

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). After having examined the comments received during the public consultation which ended on February 15, 2017 (see here), WP29 adopted the final versions of several guidelines, and […]

Tags: ,

WP29 approved the Revised Guidelines on Data Protection Officers

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which contain also the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The […]

Tags: ,

WP29 publishes Guidelines on Data Protection Impact Assessment

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted Guidelines on Data Protection Impact Assessment (DPIA), wp248,  which will be open for public consultation for 6 weeks before their […]

Tags: ,

WP29 approved Revised Guidelines on DPOs

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which contain also the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The Revised Guidelines clarifies […]

Tags: ,

Who should you appoint as a DPO? The legal/tech/organizational savvy unicorn?

Article 37(5) General Data Protection Regulation (GDPR) does not list with particularity the professional skills that should be considered when designating the Data Protection Officer (“DPO”). It provides: The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability […]

Tags: ,

The US & Switzerland sign new Privacy Shield Framework to allow data transfer

On January 12, 2017, Switzerland approved the Swiss-U.S. Privacy Shield Framework. Switzerland considers the agreement as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will replace the U.S.-Swiss Safe Harbor immediately. Switzerland will begin accepting Privacy Shield certifications starting […]

Tags: ,

EU Commission’s ePrivacy Regulation Proposal to align electronic communications privacy to GDPR

On January 10, 2017, the European Commission issued a draft for a new ePrivacy Regulation (“Proposal”) that would replace Directive 2002/58/EC (‘the ePrivacy Directive’), implementing a higher level of privacy for all electronic communications. Scope of application: The Proposal applies to all electronic communication providers – including EU institutions – and aim at aligning the existing rules, which date back […]

Tags: ,

1 2 3 5