New guidelines on GDPR implementation published by the Spanish DPA

Inside its newly created website section on GDPR, the Agencia Española de Protección de Datos (AEPD) has recently published three guidelines to assist organizations to comply with the new Regulation: The Guidelines for the data controllers (useful check list is included). Available (in Spanish) here. The Guidelines for entering into agreements between controllers and processors. […]

Bavarian DPA sanctions appointment of IT manager of company as DPO

According to German data protection law, German data controllers must appoint a Data Protection Officer (“DPO“) in several cases, for example when ten or more people are involved in the automated processing of personal data. While an employee can be appointed as DPO, the appointee must be knowledgeable on data protection and must be reliable and independent. The […]

Tags: ,

WP29 issues guidelines on data portability, DPO, and lead authority (and lays foundation for much more)

  On December 13, 2016, EU Article 29 Data Protection Working Party “(WP29”) dealt with several critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and the Privacy Shield. It also dealt with the enforcement measures on cases having a cross-border effect. As for the GDPR’s implementation, the WP29 importantly adopted: […]

Tags: ,

Privacy Shield update: around 1300 active participants after over 4 months from start

As of mid December 2016, around 1300 companies were active under the EU-US Privacy Shield, according to the US Department of Commerce official website. The Privacy Shield Framework has now been effective for almost 4 months and it replaced the Safe Harbor, which had around 5,500 participants by 2016. The US Department of Commerce, International Trade Administration (ITA), […]

Tags: ,

European Data Protection Supervisor’s Opinion on the review of the ePrivacy Directive

On July 22, 2016, the European Data Protection Supervisor (EDPS) released Opinion 5/2016 on the review of the ePrivacy Directive (2002/58/EC). This Opinion focuses on the issues specifically requested by the EU Commission. Particularly, the EDPS suggested that “a new proposal on ePrivacy should guarantee confidentiality of communications, offer clarity and complement the General Data […]

Tags: ,

WP29’s comments on the EU Commission’s Privacy Shield Decision: again not an endorsement

On July 26, 2016, the Article 29 Working Party (WP29) released a statement on the decision of the European Commission on the EU-U.S. Privacy Shield. The statement refers to the Privacy Shield approved by the European Commission on July 12, 2016 (see here) and addresses the changes brought to the text of the document after […]

Tags: ,

Christopher Kuner, Reality and Illusion in EU Data Transfer Regulation Post Schrems

Interesting article discussing international data transfer between Europe and the U.S. Abstract:  “In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union invalidated the EU-US Safe Harbour arrangement allowing personal data to be transferred to the US. The judgment affirms the fundamental right to data protection, defines an adequate level of […]

Tags: ,

CCBE’s recommendations to protect confidentiality from government’s surveillance

On April 28, 2016, the CCBE issued a paper about the standards necessary “to ensure that the essential principles of professional secrecy and legal professional privilege are not undermined by practices undertaken by the state involving the interception of communications and access to lawyers’ data for the purpose of surveillance and/or law enforcement”. Part I describes meaning and scope of […]


California Data Breach Report (February 2016)

The California Attorney General released the California Data Breach Report (February 2016). The report is based on the notifications Californians to the Attorney General of breaches by businesses and government agencies (notification is required by law when affecting more than 500). The report analyzes breaches from 2012 through 2015.  In 4 years, the Attorney General received […]

1 2 3 4 5 18