Q1/ Applicable legislation
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
Old legislation has been updated.
———...more
11/20/2019
/ Bulgaria ,
Civil Monetary Penalty ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Personal Data ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Sanctions ,
Sensitive Personal Information
Foreword -
European data protection laws have made significant strides in the last two decades.
Privacy and data protection laws have undergone dramatic changes over the last 20 years, in a race to keep up with technology....more
11/14/2019
/ Compliance ,
Consent ,
Consumer Rights Directive ,
Corporate Counsel ,
Criminal Convictions ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Officers (DPOs) ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Member State ,
Minors ,
New Guidance ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Popular ,
Public Interest ,
Regulatory Agenda ,
Sanctions ,
Sensitive Business Information ,
Sensitive Personal Information
EU data protection law contains a powerful tool called a Subject Access Request ("SAR") which allows an individual to obtain copies of data about themselves, on demand, within a tight timeframe, and at low cost. Satisfying...more
6/13/2019
/ Burden of Proof ,
Data Controller ,
Data Processors ,
Discovery Disputes ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Journalism ,
Legal Professional Privilege ,
Personal Data ,
Subject Access Request (SAR) ,
UK ,
UK ICO
Why does this topic matter to organisations?
Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
4/24/2019
/ Administrative Fines ,
Civil Liability ,
Criminal Sanctions ,
Damages ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Subjects Rights ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Privacy Laws ,
Remedies ,
Risk Management ,
Sanctions ,
Statutory Violations
Why does this topic matter to organisations?
Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
4/18/2019
/ Compliance ,
Confidentiality Policies ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
DPA ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Reporting Requirements
Why does this topic matter to organisations?
Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
4/16/2019
/ Compliance ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Liability ,
Notification Requirements ,
Personal Data ,
Personally Identifiable Information ,
Reporting Requirements
Why does this topic matter to organisations?
EU data protection law provides data subjects with a wide array of rights that can be enforced against organisations that process personal data. These rights may limit the...more
4/16/2019
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Processors ,
Data Protection ,
Direct Marketing ,
Duty to Inform ,
Employee Training ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Privacy Policy ,
Rectification ,
Right of Access ,
Right to Be Forgotten ,
Right to Object ,
Right to Restrict ,
Time Restrictions ,
Transparency
Why does this topic matter to organisations?
Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. Each and every data processing activity requires a lawful...more
4/15/2019
/ Consent ,
Data Collection ,
Data Controller ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Informed Consent ,
International Data Transfers ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Withdrawal
Why does this topic matter to organisations?
Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
4/12/2019
/ Consent ,
Data Controller ,
Data Processing Rules ,
Data Processors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Legitimate Business Interest ,
Member State ,
Personal Data ,
Personally Identifiable Information
Overview of key issues -
The GDPR raises a number of key issues that organisations should consider, including the following...more
4/11/2019
/ Breach Notification Rule ,
Compliance ,
Consent ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular
Directive 95/46/EC -
Prior to the GDPR, the EU's data protection regime was governed by the Directive. The Directive (as with all EU Directives) did not apply automatically, and had to be transposed into the national laws...more
Why does this topic matter to organisations?
The defined terms set out in this Chapter are of critical importance to understanding how EU data protection law applies to an organisation. For example, the question of whether...more
4/3/2019
/ Consent ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information