Processing of personal data carried out on company e-mail accounts shall be necessary and proportional

On February 1, 2018, the Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority (DPA), prohibited an Italian company from storing employees’ corporate emails for an indefinite period, since this would violate the principles of lawfulness, necessity, and proportionality established by the Privacy Code. The DPA explained that the company – instead of implementing […]

CIPL publishes factsheet on shared concepts between GDPR and ePrivacy Regulation

On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) issued a factsheet on the GDPR provisions that are most likely to be relevant to the negotiation of the proposed ePrivacy Regulation. The factsheet explains key GDPR concepts relevant to the ePrivacy Regulation, including definitions of GDPR terms such as personal data and data processing, and the role of […]

ICO publishes Data Protection Impact Assessments (DPIAs) guidance

On March 22, 2018, the Information Commissioner’s Office (ICO) – the U.K. Data Protection Authority – published detailed guidance for UK organizations on data protection impact assessments (DPIAs) under the GDPR, to help companies identify and minimize the data protection risks of their projects. The content of this detailed guidance is subject to public consultation, […]

List of GDPR Guidelines prepared by WP29

Finalised GDPR Guidelines
– Guidelines on Data Protection Officers (DPO), more here;
– Guidelines on the right to data portability, more here;
– Guidelines for identifying a controller or processor’s Lead Supervisory Authority, more here;
– Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”, […]

WP29’s plenary meeting: final guidelines on breach notification and profiling

In its plenary meeting held in February 2018, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so-called General Data Protection Regulation (GDPR). Among other documents, WP29 adopted the final version of its guidelines on data breach notification and of its guidelines on automated individual decision-making and profiling. Moreover, the plenary […]

UK Data Protection Regulator publishes new guidance on Data Protection Impact Assessments

The UK Data Protection Regulator, the Information Commissioner’s Office (ICO), yesterday published new guidance on conducting Data Protection Impact Assessments (DPIAs) under the General Data Protection Regulation (GDPR). The guidance follows earlier guidance from the Article 29 Working Party (WP29). This note uses some technical data protection terms, which are explained in our Glossary here. […]

Italian Council of Ministers’ preliminary approval of GDPR’s “harmonization” decree

The Italian Council of Ministers preliminarily approved a legislative decree (in furtherance of Parliament’s Delegation Law of October 25, 2017, no. 163) containing provisions to amend domestic law in compliance with the GDPR. In fact, effective May 25, 2018, Legislative Decree of June 30, 2003, no. 196 will be abrogated and the GDPR will be immediately into […]

Records of processing activities of Article 30 GDPR – some model forms

UPDATED November 19, 2019. Article 30 GDPR requires each controller and each processor to maintain a record of the processing activities under its responsibility, which must be in writing (including electronic form). Article 30 details the minimum content of the record. Some DPAs have made available model forms and notes for keeping records of processing activities: the […]

Italian DPA opines on national DNA bank

On March 9, 2017, the Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority (DPA), issued a favorable opinion on legislation regulating the Banca Nazionale del DNA, the Italian DNA Bank. The legislation regulates the procedures for the deletion of DNA profiles, the destruction of biological samples, and the input and updating of the data necessary […]

Employees’ judicial data can be processed only with express authorization by law or by the Agency, Italian DPA says

On June 15, 2017, the Italian Data Protection Authority, Garante per la Protezione dei Dati Personali, rejected the request of an Italian service company to be authorized to process its employees’ judicial data, for lack of an adequate legal basis. The Italian company was looking to process the judicial information of its employees to allegedly […]