Finalised GDPR Guidelines – Guidelines on Data Protection Officers (DPO), more here; – Guidelines on the right to data portability, more here; – Guidelines for identifying a controller or processor’s Lead Supervisory Authority, more here; – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”, […]
UPDATED Novembre 19, 2019 Article 30 GDPR requires each controller and each processor to maintain a record of processing activities under its responsibility which must be in writing (including electronic form). Article 30 details the minimum content of the record. Some DPA made available model forms and notes for keeping records of processing activities: the […]
On February 6, 2018, Working Party 29 (WP29) adopted the Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01). Advances in the capabilities of big data analytics, as well as the widespread availability of personal data on the internet and from Internet of Things (IoT) devices can allow aspects of […]
We have been reading some commentaries to the effect that the GDPR (General Data Protection Regulation) needs to be transposed with special legislation adopted in the several EU member states. That there will be legislation is true, but the statement is misleading. Make no mistake: the GDPR is an EU regulation, not a EU directive […]
As announced (see here), on October 3, 2017, the Article 29 Working Party(WP29) published its Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR). Once a GDPR infringement is established, the competent supervisory authority (Article 5 1 GDPR) must identify the most appropriate corrective measure(s) to address the […]
The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available at here. The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Regulation (EU) 2016/679, repeals Directive 95/46/EC and expands on […]
The author discusses how cloud service providers may be considered Data Processor under the EU General Data Protection Regulation (GDPR) if they provide “data processing services (e.g. storage) on behalf of the Data Controller without determining the purposes and means of processing (Art.4(7) and (8), GDPR).” The article draws a line between duties and responsibilities […]
Tags: BIG DATA, DATA PROTECTION, INTERNATIONAL DATA PROTECTION
On April 28, 2017, the Deutscher Bundestag, the German Parliament adopted the Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU – DSANPUG-EU). The Act implements in Germany the provisions of Regulation 2016/679, the General Data Protection Regulation (GDPR) . The Federal Council shall now approve the law, which will enter into force at the same […]
On April 24, 2017, the European Data Protection Supervisor (EDPS) released Opinion 6/2017 on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation Proposal). The EDPS welcomes the Proposal for the Regulation. There is a need of “a specific legal tool to protect the right to private life guaranteed by Article 7 […]