On 22 November 2018, the Baden-Württenberg Data Protection Authority (LfDI) announced, with a press release available here in German, of having imposed a € 20.000 sanction on the chat site Knuddels.de, for breach of Art. 32 of the GDPR. Knuddels is an online chat service that was popular in the 2000s, before the Facebook era.… Read More: First GDPR sanctions are underway: the German case »
Sorry, this entry is only available in Italiano.
Waiting for translation
The appointment of the Data Protection Officer (DPO) is one of the most controversial points of the implementation of the new Reg. EU 2016/679 on data protection. The Data Protection Authority provides guidance on this matter through a series of FAQs. The DPO is a key figure that is mandatory for public and private health facilities… Read More: The ‘good officer’ that controls our data. How to appoint… »
Clinical trials data are the ones more frequently processed by pharma and medical device companies: trial centers are also involved in this data processing. Under the data protection legislation, pharma and medical device companies are controllers and trial centres are processor, most of the time. But these roles are not always clear. In the WP… Read More: Clinical trials and GDPR »
European Data Protection Supervisor (Giovanni Buttarelli) has just published the priorities for his policy and consultation role in 2017 (15 February) You can download here more information https://secure.edps.europa.eu/EDPSWEB/edps/site/mySite/Priorities_for_providing_advice
Many clients of mine (public and private hospital, pharma and medical device companies..) are thinking to appoint an internal ICT Manager as DPO. I guess this decision could not be in compliance with the GDPR requirements for the reasons below. The GDPR art. 37 states that: The data protection officer shall be designated on the… Read More: Who can do Data Protection Officer? »
The new right to data portability (art. 20 GDPR) shall also apply to health data. This interpretation is clearly illustrated in the recent Guidelines on the right to data portability, issued by the WP 29 on December, 13 2016. At point III, the Guidelines states three necessary conditions to apply the right: personal data concerning… Read More: Data Portability impact on healthcare facilities »
On February, 29 the European Commission issued the legal texts that will put in place the EU-U.S. Privacy Shield and a Communication summarising the actions taken over the last years to restore trust in transatlantic data flows since the 2013 surveillance revelations. The Commission has (i) finalised the reform of EU Data protection rules, which… Read More: European Commission presents EU-U.S. Privacy Shield »
The General Data Protection Regulation and the Directive on Police and Justice will significantly change the structure and the way the WP29 works. WP29 Working Party has just issued the work programme 2016-2018 that takes into account the transitional period which will require from all subgroups the issuance of guidelines, tools and procedures to organize… Read More: WP29 Working Party – programme 2016-2018 »