ICO issues data protection self assessment toolkit

The United Kingdom DPA, the Information Commissioner Officer (ICO), published an interactive checklist for organizations to assess compliance with the Data Protection law and to explain how to comply with the GDPR. The ICO’s toolkit includes the following topics: Data protection assurance; Getting ready for the GDPR; Information security; Direct marketing; Records management; Data sharing and subject access […]

Ardi Kolah, Cloud Service Providers under the GDPR

The author discusses how cloud service providers may be considered Data Processors under the EU General Data Protection Regulation (GDPR) if they provide “data processing services (e.g. storage) on behalf of the Data Controller without determining the purposes and means of processing (Art.4(7) and (8), GDPR).” The article draws a line between duties and responsibilities […]

Italian DPA issues 2016 annual activity report – some interesting (and perhaps unexpected) information

On June 6, 2017, the Italian Data Protection Authority (DPA), the Garante per la Protezione dei Dati Personali, issued the annual report on its activity for 2016. The DPA’s activity concentrated on computer crimes and cyber security; online profiling and social media; cyberbullying; fight against terrorism and mass surveillance; Big Data; use of new technologies […]

Does the GDPR Apply to My Organization? The “Extraterritoriality” of the New European Data Protection Regulation

Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), repeals Directive 95/46/EC and expands on the protection of natural persons with regard to the processing of personal data and the free movement of such data. The GDPR will come into force in May 2018 and will have an expanded territorial scope of application compared to […]

German Parliament approves Data Protection Act to implement the GDPR

On April 28, 2017, the Deutscher Bundestag, the German Parliament, adopted the Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU – DSANPUG-EU). The Act implements in Germany the provisions of Regulation 2016/679, the General Data Protection Regulation (GDPR). The Federal Council shall now approve the law, which will enter into force at the same […]

ICO issues guide to encryption

The Information Commissioner Officer (ICO) published a guide discussing the use of encryption. The guide provides a range of practical scenarios highlighting “when and where different encryption strategies can help provide a greater level of protection.” Overview of the Guide: Encryption protects information stored on mobile and static devices and in transmission. It is a […]

ICO issues data sharing code of practice

The Information Commissioner Officer (ICO) published the data sharing code of practice. The document is a statutory code, issued under section 52 of the Data Protection Act (meaning that the code has been approved by the Secretary of State and laid before Parliament). It is not an authoritative statement of the law but […]

Sean Baird, GDPR matchup: The Health Insurance Portability and Accountability Act

Sean Baird examines the similarities and differences in the requirements for the collection, use and protection of information subject to the U.S. Health Insurance Portability and Accountability Act, and the treatment of health information as “sensitive personal data” under the GDPR, including “data concerning health” — namely the scope of information covered, the entities covered […]

EDPS comments on the ePrivacy Regulation Proposal and calls for strong rules to protect confidentiality of communications (Opinion 6/2017)

On April 24, 2017, the European Data Protection Supervisor (EDPS) released Opinion 6/2017 on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation Proposal). The EDPS welcomes the Proposal for the Regulation. There is a need for “a specific legal tool to protect the right to private life guaranteed by Article 7 […]