Brazil approves new General Data Protection Law

On August 14, 2018, the Brazilian president signed the Lei Geral de Proteção de Dados Pessoais (“LGPD”) into law. The LGPD is a comprehensive data privacy regulation that has many similarities with the GDPR, such as its broad scope of application, which includes processing activities conducted wholly outside of Brazil, but affecting or […]

CNIL published guidelines on data protection in the health sector

In June 2018, the CNIL, Commission Nationale Informatique & Libertes, published guidelines for the protection of personal data in the health sector. In particular, the French Data Protection Authority (DPA) provides professionals in the health sector with tips to comply with the EU Privacy Regulation 2016/679, GDPR: limit the information collected to what is necessary […]

Users’ guidance on DPIA under the GDPR published by EU Data Protection Authorities

EU Data Protection Authorities released useful Data Protection Impact Assessment (DPIA) tools. Belgium: the Commission for the Protection of Privacy, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL), issued a Recommandation d’initiative concernant l’analyse d’impact relative à la protection des données (n° 01/2018). Cyprus: the Office of the Commissioner for Personal Data Protection, Γραφείου Επιτρόπου Προστασίας Δεδομένων […]

ICO publishes Data Protection Impact Assessments (DPIAs) guidance

On March 22, 2018, the Information Commissioner’s Office (ICO), the U.K. Data Protection Authority, published detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR to help companies identify and minimize the data protection risks of projects. The content of this detailed guidance is subject to public consultation, […]

UK Data Protection Regulator publishes new guidance on Data Protection Impact Assessments

The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), yesterday published new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms which are explained in our Glossary here. […]

EU-U.S. Privacy Shield ensures “adequate level of data protection” but could be improved, EU Commission finds

On October 18, 2017, the EU Commission published its report on the first annual review of the EU-U.S. Privacy Shield. The report reflects the Commission’s findings on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its first year of operation. According to the EU Commission, the Privacy Shield “continues to ensure an […]

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available here. The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]

UK publishes Data Protection Bill – data protection will get stricter

As anticipated (see here), a new Data Protection Bill was introduced to the House of Lords on September 13, 2017, and it officially entered Parliament on September 14, 2017. The new Bill aims at replacing the UK Data Protection Act 1998 and updating data protection laws in accordance with the GDPR. What will it […]

Implementation of the data protection impact assessment according to the GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Regulation (EU) 2016/679 repeals Directive 95/46/EC and expands on […]

ICO issues data protection self assessment toolkit

The United Kingdom DPA, the Information Commissioner’s Office (ICO), published an interactive checklist for organizations to assess compliance with the Data Protection law and to explain how to comply with the GDPR. The ICO’s toolkit includes the following topics: Data protection assurance; Getting ready for the GDPR; Information security; Direct marketing; Records management; Data sharing and subject access […]
