Blogs

At its plenary meeting held in October 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so called General Data Protection Regulation (GDPR). WP29 approved the final version of the DPIA guidelines Guidelines on Data Protection Impact Assessment after having examined the comments received during the public consultation which ended […]

  As anticipated (see here), a new Data Protection Bill was introduced to the House of Lords on September 13, 2017 and it officially entered Parliament on September 14, 2017. The new Bill aims at substituting the UK Data Protection Act 1998 and updating data protection laws in accordance with the GDPR. What will it […]

On September 11, 2017, the Spanish Data Protection Agency (AEPD) issued a closing resolution against Facebook deeming that the company doesn’t process data in accordance with EU data protection law. According to the AEPD, Facebook “collects data on ideology, sex, religious beliefs, personal preferences or browsing activity without clearly informing about how and for what purpose it will use […]

On August 30, 2017, the Belgian Data Protection Authority, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL) published a template to help organizations to meet their duty to record processing activities under Article 30, GDPR. The template is available in Dutch and French and can be downloaded here. In June 2017, the Belgian DPA had published a a recommendation […]

On March 7, 2017, Reuters reported that the Danish Data Protection Agency was asked to look into Google’s alleged violation of EU privacy laws by not limiting the amount of time personal data is stored on Google’s servers. “We have become aware of the fact that Google today has 9-10 years of data on users […]

  The United Kingdom DPA, the Information Commissioner Officer (ICO), published an interactive checklist fro organizations to assess  compliance with the Data Protection law and to explain how to comply the GDPR, The ICO’s toolkit includes the following topics: Data protection assurance Getting ready for the GDPR Information security Direct marketing Records management Data sharing and subject access […]

On June 6, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2016. The DPA’s activity concentrated on computer crimes and cyber security; online profiling and social media; cyberbullying; fight against terrorism and mass surveillance; Big Data; use of new technologies […]

  On May 11, 2017, the Spanish Data Protection Agency (DPA), the Agencia Española de Protección de Datos (AEPD) and ISMS Forum Spain, a not for profit, published a Big Data privacy code of conduct, the Código de buenas prácticas en protección de datos para proyectos de Big Data.   The Code refers to Regulation […]

  On April 28, 2017, the Deutscher Bundestag, the German Parliament adopted the Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU – DSANPUG-EU). The Act implements in Germany the provisions of Regulation 2016/679, the General Data Protection Regulation (GDPR) . The Federal Council shall now approve the law, which will enter into force at the same […]

  The Information Commissioner Officer (ICO) published a guide discussing the use of encryption. The guide provides a range of practical scenarios highlighting “when and where different encryption strategies can help provide a greater level of protection.” Overview of the Guide: Encryption protects information stored on mobile and static devices and in transmission. It is a […]