On April 25, 2019, the Nigeria Data Protection Regulation 2019 entered into force. The Regulation was issued by the National Information Technology Development Agency, NITDA, and it mirrors the EU General Data Protection Regulation (GDPR). The Regulation’s scope of application is quite broad. It applies to all transactions intended for the processing of personal data […]
On February 20, 2019, Bulgaria adopted the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) harmonization law. The law amends and supplements the previous data protection act from 2002. It also transposes the EU Law Enforcement Directive (Directive (EU) 2016/680). The new Law on Personal Data Protection (LASLPDP) entered into force on March 2, 2019 […]
The new article 2-terdecies, of the Italian Privacy Code (introduced by Legislative Decree 101/2018), expressly rules on the data protection rights of the deceased. According the Italian Privacy Code, the rights of access, rectification, cancellation, limitation, portability, opposition and the rights relating to fully automated decisions relating to personal data concerning deceased subjects may be […]
On September 4, 2018, Legislative Decree n. 101/2018 harmonizing the national privacy law with the General Data Protection Regulation (GDPR) was published on the official Italian journal (Gazzetta ufficiale n. 205 04-09-2018). The Legislative Decree does not abrogate the Italian Privacy Code (Legislative Decree 196/2003), which therefore remains in force, but that Code is harmonized with […]
The guidelines on Transparency under Regulation 2016/679 provide practical guidance and interpretative assistance from the Article 29 Working Party (WP29) on the new obligation of transparency concerning the processing of personal data under the General Data Protection Regulation (GDPR). Transparency is an overarching obligation under the GDPR applying to three central areas: (1) the provision […]
The Guidelines on consent under Regulation 2016/679 provide a thorough analysis of the notion of consent. Controllers must always consider which one is the appropriate lawful ground for the processing. Consent remains one of six lawful bases to process personal data, as listed in Article 6, GDPR. The data subject shall have a genuine choice […]
Less than one month to the entering into force of the GDPR, the text (in all language versions) is still subject to changes, sometimes significantly. http-::data.consilium.europa.eu:doc:document:ST-8088-2018-INIT:en:pdf For more information and for advice on GDPR implementation, Francesca Giannoni-Crystal.
The Italian Council of Ministers preliminarily approved a legislative decree (in furtherance of Parliament’s delegation Law October 25 2017, no. 163), containing provisions to amend domestic law in compliance with the GDPR. In fact, effective May 25, 2018, Legislative Decree June 30, 2003 no. 196 will be abrogated and the GDPR will be immediately into […]
The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available at here. The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]
In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on the right to “data portability”, wp242rev.01 (Revised Guidelines), substituting the Guidelines on the right to “data portability” (Guidelines). Data portability […]