On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR. The record – to be maintained by […]
Informazionefiscale.it reported an interesting interview with Marco Menegazzo, commander of the Special Privacy Unit of the Italian Guardia di Finanza, who spoke during the Privacy Day Forum held on May 25, 2018, and which dealt with privacy, sanctions and checks under the GDPR. Which checks will be carried out by the Italian authority under the GDPR? […]
The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), published yesterday new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms which are explained in our Glossary here. […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Personal data breach notification under Regulation 2016/679, wp250rev.01 Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to […]
In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which contain also the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The […]
In its plenary meeting held in April 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the s.c. General Data Protection Regulation (GDPR). In that occasion, WP29 approved the Revised Guidelines on DPOs (Revised Guidelines), which contain also the following highlights compared to the Guidelines on Data Protection Officer (Guidelines) previously published. Accountability principle. The Revised Guidelines clarifies […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
When a US organization decides to self-certify under the EU-U.S. Privacy Shield, compliance with Privacy Shield principles becomes compulsory. This may be a problem for many US organizations because certain processing activities that they perform – which are perfectly lawful under American law — are unlawful under a Privacy Shield’s perspective. Why? And what to do? Let’s step […]
Cookie regulation in Europe is quite strict. In a previous blog we discussed the cookie law of France, Germany, Italy and the UK, focusing on information to users, user consent and consequences of violations. However, cookies are not the only method to track users. There are cookie-free tracking methods that are similarly invasive, for example […]