The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données : un guide pour accompagner les sous-traitants” and “Directrices para contratos responsable – encargado” respectively. Furthermore the English DPA (ICO) has published a draft gdpr contracts guidance. These have a positive impact… Read More: Controller and Processor standard clauses »
As already mentioned in a previous post, on 10 January 2017 the European Commission presented a proposal for a Regulation (the “Regulation”) which is expected to amend the Directive 2002/58/EC (e-Privacy Directive) standardising the current European legal framework for the processing of personal data in the electronic communications sector and whose final approval is expected to… Read More: e-PRIVACY REGULATION PROPOSAL’S DEVELOPMENT – I) Art. 29WP and EDPS’s… »
Last April 4, the Article 29 Data Protection Working Party (WP 29) has adopted Guidelines on Data Protection Impact Assessment, first of all defining common criteria for all data controllers, which can support the identification of processing operations that require to carry out a data protection impact assessment. This because it is not compulsory in… Read More: Article 29 Data Protection Working Party Guidelines on Data Protection… »
The Directive 95/46/EC deal with the argument in the following terms: The processing of personal data for scientific research purposes is not considered incompatible with other processing (art. 6) For scientific use, personal data may be stored for longer periods (art. 6) The provision of information to the data subject may not be given when… Read More: The new European Regulation gives greater value and facilitation to… »
After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,… Read More: Data Protection Officer, close to a unified certification scheme …… »
By 25th may 2018, the controller and the processor, as required by Article 37 of the GDPR – General Data Protection Regulation, shall designate a data protection officer in three specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the… Read More: DPO and organizational models in the company »
The GDPR Article 20 introduces a new right to “data portability” to enable data qwners to easily move or copy their personal data to another environment . The Opinion of the WP29 clarifies the conditions of application and provides concrete examples to explain the circumstances in which this right applies. The Opinion states that this… Read More: Portability: WP29 guidelines »
Out of the 4 guidelines promised by the FabLab by year-end, the WP29 adopted on December 13 the first one, dedicated to the role of the DPO. It does not obviously contain new regulations but interpretations, examples and best practices, highly desirable because (as stated by the WP29 itself) the GDPR contains several ambiguities. I… Read More: WP29 sheds light on the DPO »
The European Commission website, in the Article 29 working party page, reports the list of the enterprises that completed the approval process of the BCR according to article 47. The list doesn’t show a reference date and this is certainly remarkable but the most relevant thing is that among the 80+ companies reported in the… Read More: Italy and binding corporate rules (BCR) »
The FabLab Group (established by WP29) drew up the summary document that will lead to issue best practices and guidelines about: the role of the DPO, Data Portability, DPIA and criteria on the Privacy Certification. As for the DPO, as you may have already had occasion to read, I am among those who support the… Read More: WP29 and the role of DPO »