The Information Commissioner Officer (ICO) – the U.K. Data Protection Authority – published several useful resource to help getting ready for the GDPR. Here is a list: GDPR myth busting blogs Guide to the General Data Protection Regulation Getting ready for the GDPR self assessment checklist GDPR FAQs Lawful basis interactive tool Advice service for […]
In March 2018, the Garante per la Protezione dei Dati Personali, Italy’s Data Protection Authority, issued a fine of Euros 32,000 against the Rousseau association, controller of the processing of data of the website users of the Italian political party “5-Star” (Cinque Stelle). Federprivacy reports. After a data breach, the Italian DPA started investigating whether […]
On April 11, 2018, the Article 29 Working Party (WP29) published a statement on encryption and their impact on the protection of individuals with regard to the processing of their personal data in the EU. According to WP29, the availability of strong and efficient encryption is a necessity in order to guarantee the protection of […]
On April 17, 2018, 34 global technology and security companies signed a Cybersecurity Tech Accord, agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro, and together represent tech companies that power the world’s internet […]
On March 23, 2018, the omnibus spending bill was signed into law; a portion contains the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The CLOUD Act’s main goal is to grant governments timely access to electronic data stored by communication-service providers (such as email service providers, certain cloud service providers and social media providers). The […]
On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) issued a factsheet on the GDPR’s provisions that are most likely to be relevant for the negotiations of the proposed ePrivacy Regulation. The Factsheet explains key GDPR concepts relevant to the ePrivacy Regulation, including: definitions of GDPR’s terms, such as personal data, data processing and the role of […]
On March 22, 2018, the Information Commissioner Officer (ICO) – the U.K. Data Protection Authority – published a detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR to help companies identify and minimize the data protection risks of projects. The content of this detailed guidance is subject to public consultation, […]
Finalised GDPR Guidelines – Guidelines on Data Protection Officers (DPO), more here; – Guidelines on the right to data portability, more here; – Guidelines for identifying a controller or processor’s Lead Supervisory Authority, more here; – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”, […]
In its plenary meeting held in February 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted the final version of its guidelines on data breach notification and guidelines on automated individual decision-making and profiling. Moreover, the plenary […]
The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), published yesterday new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms which are explained in our Glossary here. […]