On September 29, 2017 the French Data Protection Authority (CNIL) published a guide for data processors, Guide du sous-traitant, in French, to aid data processor implementing the obligations set forth by the new EU General Data Protection Regulation (“GDPR”). More on the CNIL’s guide is available (in French) at https://www.cnil.fr… For more information on EU data protection’s state of […]
On February 9, 2018, Working Party 29 (WP29) published the Working document on Adequacy Referential (wp254). The paper provides guidance to the European Commission and the WP29 for the assessment of the level of data protection in third countries and international organizations by “establishing the core data protection principles that have to be present in […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01 Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01). Advances in the capabilities of big data analytics, as well as the widespread availability of personal data on the internet and from Internet of Things (IoT) devices can allow aspects of […]
On January 24, 2018 the EU Commission published a guidance to foster uniform application of the GDPR across the EU. The Commission also made available an online tool for SMEs (the tool was not working on January 25, 2018 but we are confident the error in the page will be solved soon: http://europa.eu/rapid/europa.eu/dataprotecti on) Here the EU Commission’s press release. […]
On June 8, 2017, Working Party 29 (WP29) issued Opinion 2/2017 on data processing at work, which makes a “new assessment of the balance between legitimate interests of employers and the reasonable privacy expectations of employees” also considering the new challenges to data protection created by new technologies. Opinion 2/2017 updates previousOpinion 08/2001 on the processing […]
The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR). The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation. The guidelines […]
On March 14, 2017, the European Data Protection Supervisor (EDPS) released Opinion 4/2017 on the 2015 Proposal for a Directive (1) on certain aspects concerning contracts for the supply of digital content (1) on certain aspects concerning contracts for the supply of digital content and (2) on certain aspects concerning contracts for the online and […]
Article 12 of the data Protection Directive provides that the data subjects have a right of access. [1] Several DPAs have made available forms to exercise this right. For example: – Italian Data Protection Authority (Garante)’s:MODELLO esercizio diritti in materia di protezione dei dati personali – Uk Data Protection Authority (ICO)’s: ICO_how_to_make_a_request – Spanish Data Protection Authority […]
Francesca Giannoni-Crystal and Cristina Vicarelli In Section 3.5 of Article 29 Working Party (WP29)’s Guidelines on Data Protection Officer (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPO. See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, […]