WP29 publishes revised guidelines on identifying a data controller’s lead supervisory authority

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). On that occasion, WP29 approved the Revised Guidelines on The Lead Supervisory Authority, wp244rev.01 (Revised Guidelines), which contain several differences compared to the Guidelines on identifying a data controller’s lead supervisory authority (Guidelines) previously published. […]

WP29 issues guidelines aiming at GDPR implementation

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). After having examined the comments received during the public consultation which ended on February 15, 2017 (see here), WP29 adopted the final versions of several guidelines, and […]

WP29 approved the Revised Guidelines on Data Protection Officers

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). On that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which also contain the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The […]

WP29 publishes Guidelines on Data Protection Impact Assessment

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). Among other documents, WP29 also adopted Guidelines on Data Protection Impact Assessment (DPIA), wp248, which will be open for public consultation for 6 weeks before their […]

WP29 approved Revised Guidelines on DPOs

In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). On that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which also contain the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The Revised Guidelines clarify […]

Who should you appoint as a DPO? The legal/tech/organizational savvy unicorn?

Article 37(5) General Data Protection Regulation (GDPR) does not list with particularity the professional skills that should be considered when designating the Data Protection Officer (“DPO”). It provides: The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability […]

The US & Switzerland sign new Privacy Shield Framework to allow data transfer

On January 12, 2017, Switzerland approved the Swiss-U.S. Privacy Shield Framework. Switzerland considers the agreement as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will replace the U.S.-Swiss Safe Harbor immediately. Switzerland will begin accepting Privacy Shield certifications starting […]

EU Commission’s ePrivacy Regulation Proposal to align electronic communications privacy to GDPR

On January 10, 2017, the European Commission issued a draft for a new ePrivacy Regulation (“Proposal”) that would replace Directive 2002/58/EC (“the ePrivacy Directive”), implementing a higher level of privacy for all electronic communications. Scope of application: The Proposal applies to all electronic communication providers, including EU institutions, and aims at aligning the existing rules, which date back […]

Conflict of interest under the recently issued WP29’s opinion on DPO

In Section 3.5 of the Article 29 Working Party (WP29)’s Guidelines on Data Protection Officers (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPOs. See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, the organization […]

APEC Cross Border Privacy Rules (CBPR) system

APEC Cross Border Privacy Rules (CBPR) system (2011) is a “voluntary accountability-based system to facilitate privacy-respecting data flows among APEC economies”. As of August 2016 there are four participating APEC CBPR system economies: USA, Mexico, Japan and Canada. It has four main components: recognition criteria for organisations wishing to become an APEC CBPR system a questionnaire […]

