Samantha V. Ettari, Handling Internet of Things Data

Author describes which are the most common cases implicating IoT devices and collected data, how to preserve those data, and how to collect and request them. Author suggests how to effectively extract relevant IoT “information in litigation while balancing the operational and privacy challenges that these new sources of digital evidence raise.”   The full […]

Tags: , , ,

EDPS adopts Guidelines on GDPR’s territorial scope

On November 16, 2018, the European Data Protection Board (EDPB) adopted guidelines on the territorial application of the GDPR. Guidelines 3/2018 on the territorial scope of Regulation 2016/679/EU- Version for public consultation. The guidelines are now open to public consultation. The Guidelines aim at clarifying the territorial scope of the GDPR, in particular where the data […]

Tags: ,

FTC’s cybersecurity guidance for small businesses

On October 18, 2018, the Federal Trade Commission (FTC) published – along with Department of Homeland Security, the National Institute of Standards and Technology, and the Small Business Administration – guidance for small businesses on how to deal with cyber threats and increase data security. The FTC highlighted a dozen need-to-know topics: Cybersecurity Basics, Understanding […]

Tags: , ,

ENISA, Technical Guideline on Minimum Security Measures

On October 4, 2014, the European Union Agency for Network and Information Security (ENISA) published the technical guideline for Minimum Security Measures to provide guidance to national regulators on the security measures they should take into account when assessing compliance to the revised Telecommunications Framework Directive . Article 13a of the most recent update of the Telecommunications Framework […]


Records of processing activities of Article 30 GDPR – some model forms

Article 30 GDPR requires each controller and each processor to maintain a record of processing activities under its responsibility which must be in writing (including electronic form). Article 30 details the minimum content of the record. Some DPA made available model forms and notes for keeping records of processing activities: the BayLDA, the Bavarian DPA […]

Tags: ,

Italian DPA allows collection of photos of lawyers participating in e-learning to verify identity

On July 17, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, approved the use of computer systems to verify the correspondence between the identity of attorneys enrolled in professional training e-courses (CLEs trainings) and that of people actually connected to the events. The system aims at preventing participants from […]

Guidelines on data breach notification

On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01 Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach  to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]

Tags: ,

Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01). Advances in the capabilities of big data analytics, as well as the widespread availability of personal data on the internet and from Internet of Things (IoT) devices can allow aspects of […]

Tags: ,

EU Commission publishes guidance on GDPR

On January 24, 2018 the EU Commission published a guidance to foster uniform application of the  GDPR across the EU. The Commission also made available an online tool for SMEs (the tool was not working on January 25, 2018 but we are confident the error in the page will be solved soon: Here the EU Commission’s press release.  For […]

Tags: ,

1 2 3 18