The Spanish AEPD has published a “white list” of data processing operations that DO NOT require a Data Protection Impact Assessment (DPIA) under GDPR:
Processing carried out under guidelines previously established or...more
The European Data Protection Board (EDPB) publishes it’s first annual report and reveals a road map for guidance to come.
In 2019 and 2020, the EDPB aims to focus on data subjects’ rights, the concept of the controller and...more
The European Data Protection Board (EDPB) has issued an opinion on the standard contractual clauses proposed by the Denmark Data Protection Authority that contains important takeaways for drafting and negotiating of all...more
Caveat Data Processor.
Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures....more
The European Parliament weighs in on data brokers and data processing in the context of elections in a published answer to a parlimentary question.
“Data brokers may act as controllers or processors depending on the degree...more
Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.
Key points:
Personal data revealing political opinions is a special category of data under the GDPR, and, in most...more
Clinical trials and the EU General Data Protection Regulation (GDPR): The European Data Protection Board (EDPB) has issued a much-awaited opinion on the legal basis for processing clinical trial data....more
If you offer goods or services to individuals in the European Union, have an establishment in the EU or monitor the behavior of individuals in the EU, now would be a good time to review your privacy notices, your process for...more
Does your company have a processing agreement with each service provider that handles personal information for you as required by the EU General Data Protection Regulation (GDPR)?
If you don’t, it may cost you 5,000 EUR...more
Does your company have the data processing agreements required by the EU General Data Protection Regulation (GDPR) when it engages third parties to assist with its data processing activities?
The Dutch data protection...more
A medical center contracted by an insurance company to provide examinations and studies to individuals covered by insurance may be a “data controller” under the EU General Data Protection Regulation (GDPR) says the Commission...more
The IAPP: International Association of Privacy Professionals, reports on Spain’s new GDPR implementation law, which provides clarity to some gray areas.
Highlights include: -
The data processor may address a data subject’s...more
Does the EU General Data Protection Regulation (GDPR) apply to my brand? This is a question with which many U.S.-based franchisors have been grappling since the GDPR took effect on May 25th. Six months later, the European...more
The UK Information Commissioner’s Office (ICO) has issued a new guidance on the liabilities of Controllers and Processors, advising that the Controller is responsible for assessing that its Processor is competent to process...more
The UK Information Commissioner’s Office (ICO) has issued several new guidance documents on Data Controllers, Data Processors and the interaction among them....more