On October 4, 2018, the European Parliament adopted the proposed EU Regulation on the Free Flow of Non-Personal Data in the European Union. The Regulation aims at removing obstacles to the free movement of non-personal data within the European Union. The Regulation does not cover data mobility outside the EU. The approved Regulation does not […]
The General Data Protection Regulation, GDPR (Regulation (EU) 2016/679) started to apply on May 25, 2018. See here. The GDPR sets forth the data subject’s right to compensation and liability for the damages caused by processing infringing the GDPR. Pursuant to Article 82, GDPR: “Any person who has suffered material or non-material damage as a result of an infringement […]
On September 19, 2018, Legislative Decree n. 101/2018 harmonizing the Italian privacy law with the General Data Protection Regulation (GDPR) entered into force. Legislative Decree was published on the Official Italian Gazette (Gazzetta ufficiale n. 205 04-09-2018) on September 4, 2018. More on the Legislative Decree and the Italian Privacy Code (Legislative Decree 196/2003) is available […]
On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018). The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with […]
The GDPR (the General Data Protection Regulation) has started its application on May 25, 2018[i]and applies “extraterritorially. Privacy practitioners and EU regulators alike have highlighted the advantages of GDPR compliance for organizations, such as better data management, enhanced protection against cyber-risks, competitive advantages, etc. Many companies share the same positive view. Some others see the GDPR […]
In its plenary meeting held in April 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) and adopted several key documents for the preparation of its application on the 25th of May 2018 such as the guidelines on consent and the guidelines on transparency. […]
The guidelines on Transparency under Regulation 2016/679 provide practical guidance and interpretative assistance from the Article 29 Working Party (WP29) on the new obligation of transparency concerning the processing of personal data under the General Data Protection Regulation (GDPR). Transparency is an overarching obligation under the GDPR applying to three central areas: (1) the provision […]
The Guidelines on consent under Regulation 2016/679 provide a thorough analysis of the notion of consent. Controllers must always consider which one is the appropriate lawful ground for the processing. Consent remains one of six lawful bases to process personal data, as listed in Article 6, GDPR. The data subject shall have a genuine choice […]
EU Data Protection Authorities released useful Data Protection Impact Assessment tools (DPIAS) Belgium: the Commission for the Protection of Privacy, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL) issued a Recommandation d’initiative concernant l’analyse d’impact relative à la protection des données (n° 01/2018) Cyprus: the Office of the Commissioner for Personal Data Protection, Γραφείου Επιτρόπου Προστασίας Δεδομένων […]
The Information Commissioner Officer (ICO) – the U.K. Data Protection Authority – published several useful resource to help getting ready for the GDPR. Here is a list: GDPR myth busting blogs Guide to the General Data Protection Regulation Getting ready for the GDPR self assessment checklist GDPR FAQs Lawful basis interactive tool Advice service for […]