Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed....more
12/18/2019
/ Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated....more
12/17/2019
/ Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Hungary ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Greece has implemented the requirements of the GDPR through new...more
12/16/2019
/ Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Greece ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated....more
12/13/2019
/ Data Processors ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated....more
12/12/2019
/ Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
France ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated in addition to new legislation being...more
12/9/2019
/ Data Processors ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
Estonia ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
———
(b) Relevant legislation...more
12/5/2019
/ Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Finland ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed, and old legislation has been amended.
———
(b)...more
12/5/2019
/ Data Controller ,
Data Processors ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Denmark ,
Employee Privacy Rights ,
Enforcement Authority ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Popular ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
———
(b) Relevant legislation...more
11/27/2019
/ Compliance ,
Consumer Privacy Rights ,
Cyprus ,
Data Controller ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Joint Control ,
Member State ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
...more
11/23/2019
/ Consent ,
Croatia ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Member State ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Prior Authorization ,
Public Interest ,
Sanctions ,
Sensitive Business Information ,
Sensitive Personal Information
Q1/ Applicable legislation
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated.
———...more
11/20/2019
/ Bulgaria ,
Civil Monetary Penalty ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions ,
Sensitive Personal Information
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated.
———
(b) Relevant legislation...more
11/15/2019
/ Austria ,
Compliance ,
Consumer Privacy Rights ,
Data Controller ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Joint Control ,
Member State ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions
Foreword -
European data protection laws have made significant strides in the last two decades.
Privacy and data protection laws have undergone dramatic changes over the last 20 years, in a race to keep up with technology....more
11/14/2019
/ Compliance ,
Consent ,
Consumer Rights Directive ,
Corporate Counsel ,
Criminal Convictions ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Member State ,
Minors ,
New Guidance ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Popular ,
Public Interest ,
Regulatory Agenda ,
Sanctions ,
Sensitive Business Information ,
Sensitive Personal Information
Organisations offering certain digital services in the United Kingdom (UK) and European Union (EU) should consider the impact of Brexit and their obligations under applicable cybersecurity law....more
10/23/2019
/ Cloud Service Providers (CSPs) ,
Digital Service Providers ,
Digital Services ,
EU ,
Information Technology ,
Member State ,
Network Security ,
NIS Directive ,
Online Marketplace ,
Search Engines ,
UK ,
UK Brexit ,
UK ICO
New law passed on the adaptation of German data protection law to the GDPR -
Following the amendment of the Federal Data Protection Act ("BDSG") in 2017, on 27 June 2019 the German Bundestag passed a second act to adapt...more
7/20/2019
/ Amended Rules ,
Consent ,
Consumer Privacy Rights ,
Data Processing Rules ,
Data Protection Officers (DPOs) ,
Electronic Agreements ,
Employee Privacy Rights ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers
On March 27, 2019, the German Federal Ministry of the Interior (GMI) proposed a new bill (the "Draft Bill") for a so-called IT Security Act 2.0 (IT-SiG 2.0). In an effort to take a front-runner role in Europe, Germany has...more
7/15/2019
/ BSI ,
Consumer Protection Laws ,
Criminal Code ,
Criminal Prosecution ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
E-Commerce ,
EU Directive ,
Germany ,
Information Security ,
Internet of Things ,
Internet Service Providers (ISPs) ,
IT Security Act ,
NIS Directive ,
Penalties ,
Popular ,
Security Standards ,
Social Media ,
Telecommunications
ad hoc clauses means a set of clauses for Cross-Border Data Transfers, which require prior approval by a DPA (see Chapter 13).
Adequacy Decision means a decision by the Commission to designate a third country as an...more
Why does this topic matter to organisations?
The GDPR is now the main instrument governing EU data protection law across all Member States. The Directive, which was almost 20 years old, has been repealed. However, the...more
4/27/2019
/ Breach Notification Rule ,
Compliance ,
Conflicts of Laws ,
e-Privacy Directive ,
EU ,
EU Directive ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Treaties ,
Member State ,
Mutual Legal Assistance Treaties (MLAT) ,
Personal Data ,
Personally Identifiable Information ,
Repeal
Why does this topic matter to organisations?
Although a key aim of the GDPR is to harmonise data protection law across the EU, there are a number of areas in which the GDPR leaves it to Member States to adopt their own...more
4/25/2019
/ Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Harmonization Rules ,
International Data Transfers ,
Member State ,
Personal Data ,
Religious Institutions ,
Scientific Research
Why does this topic matter to organisations?
Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
4/24/2019
/ Administrative Fines ,
Civil Liability ,
Criminal Sanctions ,
Damages ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Subjects Rights ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Privacy Laws ,
Remedies ,
Risk Management ,
Sanctions ,
Statutory Violations
Why does this topic matter to organisations?
Under the Directive, organisations were obliged to deal with a separate DPA for each Member State whose laws apply to them. This meant that businesses faced a range of...more
4/24/2019
/ Consistency Mechanism ,
Cooperation ,
Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Dispute Resolution ,
DPA ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Sharing ,
International Data Transfers ,
Member State ,
Multidistrict Litigation ,
Multinationals ,
One-Stop Shop ,
Personal Data
Why does this topic matter to organisations?
National Data Protection Authorities ("DPAs") are appointed to implement and enforce data protection law, and to offer guidance. As set out in Chapter 16, DPAs have significant...more
4/22/2019
/ Compliance ,
Data Protection ,
Data Protection Authority ,
Enforcement ,
Enforcement Authority ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Jurisdiction ,
Member State ,
One-Stop Shop ,
Personal Data ,
Personally Identifiable Information ,
Popular
Why does this topic matter to organisations?
In today's world, it is increasingly important to be able to move data freely to wherever those data are needed. However, the transfer of personal data to recipients outside the...more
4/20/2019
/ Adequacy Requirement ,
Binding Corporate Rules ,
Certifications ,
Cloud Service Providers (CSPs) ,
Code of Conduct ,
Consumer Rights Directive ,
Data Controller ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
International Data Transfers ,
Jurisdiction ,
Model Clauses ,
Personal Data ,
Personally Identifiable Information ,
Public Interest ,
Technology Sector
Why does this topic matter to organisations?
A significant aspect of complying with EU data protection law is demonstrating compliance—making it evident to DPAs that an organisation is meeting its obligations. Three of the...more
4/18/2019
/ Code of Conduct ,
Compliance ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Impact Assessments ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
Why does this topic matter to organisations?
Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
4/18/2019
/ Compliance ,
Confidentiality Policies ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
DPA ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Reporting Requirements