EU Commission publishes guidance on GDPR

On January 24, 2018 the EU Commission published a guidance to foster uniform application of the  GDPR across the EU. The Commission also made available an online tool for SMEs (the tool was not working on January 25, 2018 but we are confident the error in the page will be solved soon: Here the EU Commission’s press release.  For […]

Tags: ,

WP29 issues Opinion to balance employers’ legitimate interests and employees’ reasonable privacy expectations

On June 8, 2017, Working Party 29 (WP29) issued Opinion 2/2017 on data processing at work, which makes a “new assessment of the balance between legitimate interests of employers and the reasonable privacy expectations of employees” also considering the new challenges to data protection created by new technologies. Opinion 2/2017 updates previousOpinion 08/2001 on the processing […]


Guidelines for practical implementation of the GDPR issued by the Italian DPA

The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR). The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation. The guidelines are […]

Tags: ,

Consent to data processing should not be consideration for a free service, EDPS says

On March 14, 2017, the European Data Protection Supervisor (EDPS) released Opinion 4/2017 on the 2015 Proposal for a Directive (1) on certain aspects concerning contracts for the supply of digital content  (1) on certain aspects concerning contracts for the supply of digital content and  (2) on certain aspects concerning contracts for the online and other […]

Tags: ,

Data subject’s access request_ forms from DPAs

Article 12 of the data Protection Directive provides that the data subjects have a right of access. [1] Several DPAs have made available forms to exercise this right. For example: – Italian Data Protection Authority (Garante)’s:MODELLO esercizio diritti in materia di protezione dei dati personali – Uk Data Protection Authority (ICO)’s: ICO_how_to_make_a_request – Spanish Data Protection Authority […]

Conflict of interest under the recently issued WP29’s opinion on DPO

Francesca Giannoni-Crystal and Cristina Vicarelli In Section 3.5 of Article 29 Working Party (WP29)’s Guidelines on Data Protection Officer (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPO. See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, […]

Tags: ,

New guidelines on GDPR implementation published by the Spanish DPA

Inside its newly created website section on GDPR, the Agencia Española de Protección de Datos (AEPD) has recently published three guidelines to assist organizations to comply with the new Regulation: The Guidelines for the data controllers (useful check list is included). Available (in Spanish) here. The Guidelines for entering into agreements between controllers and processors. […]

Bavarian DPA sanctions appointment of IT manager of company as DPO

According to German data protection law, German data controllers must appoint a Data Protection Officer (“DPO“) in several cases, for example when ten or more people are involved in the automated processing of personal data. While an employee can be appointed as DPO, the appointee must be knowledgeable on data protection and must be reliable and independent. The […]

Tags: ,

WP29 issues guidelines on data portability, DPO, and lead authority (and lays foundation for much more)

On December 13, 2016, EU Article 29 Data Protection Working Party “(WP29”) dealt with several critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: Guidelines […]

Tags: ,

Privacy Shield update: around 1300 active participants after over 4 months from start

As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]

Tags: ,

1 2 3 17