The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more
Q1/ Applicable legislation
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed, and old legislation has been amended.
———
(b)...more
12/5/2019
/ Data Controller ,
Data Processors ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Denmark ,
Employee Privacy Rights ,
Enforcement Authority ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Popular ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
———
(b) Relevant legislation...more
11/27/2019
/ Compliance ,
Consumer Privacy Rights ,
Cyprus ,
Data Controller ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Joint Control ,
Member State ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated.
———
(b) Relevant legislation...more
11/15/2019
/ Austria ,
Compliance ,
Consumer Privacy Rights ,
Data Controller ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Guidance Update ,
International Data Transfers ,
Joint Control ,
Member State ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
7/22/2019
/ Banks ,
Confidential Information ,
Customer Information ,
Data Collection ,
Data Controller ,
Data Processing Rules ,
Data Protection Authority ,
Direct Marketing ,
Dutch Banking Association ,
Electronic Payment Transactions ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Netherlands ,
New Guidance ,
Personal Data ,
Principle Purpose Doctrine ,
Prior Express Consent ,
Prohibited Transactions
EU data protection law contains a powerful tool called a Subject Access Request ("SAR") which allows an individual to obtain copies of data about themselves, on demand, within a tight timeframe, and at low cost. Satisfying...more
6/13/2019
/ Burden of Proof ,
Data Controller ,
Data Processors ,
Discovery Disputes ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Journalism ,
Legal Professional Privilege ,
Personal Data ,
Subject Access Request (SAR) ,
UK ,
UK ICO
Why does this topic matter to organisations?
In today's world, it is increasingly important to be able to move data freely to wherever those data are needed. However, the transfer of personal data to recipients outside the...more
4/20/2019
/ Adequacy Requirement ,
Binding Corporate Rules ,
Certifications ,
Cloud Service Providers (CSPs) ,
Code of Conduct ,
Consumer Rights Directive ,
Data Controller ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
International Data Transfers ,
Jurisdiction ,
Model Clauses ,
Personal Data ,
Personally Identifiable Information ,
Public Interest ,
Technology Sector
Why does this topic matter to organisations?
Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
4/18/2019
/ Compliance ,
Confidentiality Policies ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
DPA ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Reporting Requirements
Why does this topic matter to organisations?
Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
4/16/2019
/ Compliance ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Liability ,
Notification Requirements ,
Personal Data ,
Personally Identifiable Information ,
Reporting Requirements
Why does this topic matter to organisations?
EU data protection law provides data subjects with a wide array of rights that can be enforced against organisations that process personal data. These rights may limit the...more
4/16/2019
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Processors ,
Data Protection ,
Direct Marketing ,
Duty to Inform ,
Employee Training ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Policy ,
Rectification ,
Right of Access ,
Right to Be Forgotten ,
Right to Object ,
Right to Restrict ,
Time Restrictions ,
Transparency
Why does this topic matter to organisations?
Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. Each and every data processing activity requires a lawful...more
4/15/2019
/ Consent ,
Data Collection ,
Data Controller ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Informed Consent ,
International Data Transfers ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Withdrawal
Why does this topic matter to organisations?
Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
4/12/2019
/ Consent ,
Data Controller ,
Data Processing Rules ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legitimate Business Interest ,
Member State ,
Personal Data ,
Personally Identifiable Information
Why does this topic matter to organisations?
The defined terms set out in this Chapter are of critical importance to understanding how EU data protection law applies to an organisation. For example, the question of whether...more
4/3/2019
/ Consent ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information