The General Data Protection Regulation (GDPR) applicable since 25 May 2018 , modifies the legal rules on the use of biometric data. The processing of biometric data for the purpose of “uniquely identifying a natural person” is, as a matter of principle, prohibited under Article 9 GDPR . Amongst the authorised exceptions is the processing “necessary … Continue Reading
The French data protection authority (CNIL) has published its annual investigation program for 2018, which is the first since the GDPR came into force on May 25, 2018. The report indicates that the CNIL intends to conduct over 300 investigations (onsite, online or per request of documentation or formal hearing) and will focus on the … Continue Reading
Regulators across Europe, have recorded a sharp increase in the number of data-related complaints and data breach notifications since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. The GDPR has radically reshaped how businesses can collect, use and store personal information. As a result of the new and expanded rights … Continue Reading
The final countdown has started, there are a few days left before GDPR takes effect on Friday 25 May 2018. What are you doing about compliance? If you need assistance, in the EU or outside the EU, for your GDPR compliance program do not hesitate to contact a member of our global Data Protection … Continue Reading
Change is the order of the day for the automotive industry. Cars are going solo. Traffic tests of autonomous cars are occurring all over the world, even if scientists differ on whether the technology is ready to be deployed in everyday traffic. However, this concerns mainly safety issues, such as the physical safety of passengers … Continue Reading
“Are we prepared for the GDPR?” Not nearly as many companies as should be are asking themselves this question. As such, we have prepared this short post for those that are barely or not at all prepared for General Data Protection Regulation (GDPR) compliance – as 25 May 2018, the day GDPR will enter into … Continue Reading
The obligation on controllers to pay a fee will remain in place following the implementation of the General Data Protection Regulation, the GDPR, on 25 May 2018. The fees act as the main source of funding for the UK’s data protection supervisory authority, the Information Commissioner’s Office (the ‘ICO’). The Government, which has a statutory … Continue Reading
What is CCTV? CCTV means closed-circuit television, also known as video surveillance. Video surveillance systems monitors the behavior, activities, or other changing information, usually, of people from a distance by means of electronic equipment. Video surveillance can include anything from closed circuit television or automatic number-plate recognition systems, to any other system for recording, storing, … Continue Reading
As 2018 picks up steam from its start, we are beginning to see traction in relation to various new regional data privacy and cybersecurity laws. Many of the provisions seem designed to enable countries to seek an EU Adequacy Finding, which is akin to the Privacy Shield provisions between the EU and the US. This … Continue Reading
Happy New Year! With 2018 off to a rapid start, companies now have fewer than five months to become GDPR-compliant. Although the basic principles and obligations enshrined in the GDPR are not new, the GDPR contains a complex, interlinked series of requirements whose practical application to real world situations is often very unclear. The Article … Continue Reading
On December 13, 2017 the French Ministry of Justice published a draft law to accompany the implementation within France of the General Data Protection Regulation 2016/679 (GDPR) and the Directive 2016/680, governing the handling of data in law enforcement situations. The following are some of the noticeable change brought by the draft law with respect … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 11 December 2017.… Continue Reading
Blockchain involves various computers that are located in different states around the world so that the jurisdictions and applicable laws are questionable and assumingly not known to the parties using the blockchain technology. In principle a blockchain is a distributed ledger, that can be defined as a replicated, shared, and synchronized digital data structure maintained … Continue Reading
On 12 December 2017, Article 29 Working Party (WP29) published its draft guidelines on transparency under the GDPR. As with the draft guidance on consent, published on the same day, WP29 invites comments to be submitted by 23 January 2018.… Continue Reading
On 12 December 2017, Article 29 Working Party (WP29) published its long-awaited draft guidelines on consent under the GDPR. The guidelines build on WP29’s ‘Opinion on the definition of consent’, adopted in July 2011. As with the draft guidance on transparency, published the same day, WP29 invites comments to be submitted by 23 January 2018. … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
To allow Data Protection Officers (“DPOs”) to interact with one another and share best practices, the European Data Protection Supervisor (“EDPS”) has published a list of DPOs currently appointed by EU agencies. This list identified notably the DPOs for the EDPS as well as the European Court of Justice. The publication of this information not … Continue Reading
On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free. The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.… Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 6 November 2017. … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 30 October 2017.… Continue Reading
The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments -these are now board-level concerns. Regardless of industry sector, size or commercial focus, companies not only … Continue Reading
The G29 is continuing its work to clarify GDPR with a view to its implementation in May 2018. The subject of personal data breach notification is not entirely new, as the reporting obligation, which will soon apply to all, already exists for communication service providers. However, these guidelines reiterate or provide more detailed information about … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 16 October 2017.… Continue Reading
The revised EU’s Payment Services Directive (PSD2) and EU’s General Data Protection Regulation (GDPR) will both come in force in 2018. Seemingly unconnected, these two regulatory initiatives share a common goal– putting customers in control of their own personal data and keeping that personal data safe. PSD2 is an update to the original Payment Service … Continue Reading
