On 12 December 2017, Article 29 Working Party (WP29) published its long-awaited draft guidelines on consent under the GDPR. The guidelines build on WP29’s ‘Opinion on the definition of consent’, adopted in July 2011. As with the draft guidance on transparency, published the same day, WP29 invites comments to be submitted by 23 January 2018. … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
To allow Data Protection Officers (“DPOs”) to interact with one another and share best practices, the European Data Protection Supervisor (“EDPS”) has published a list of DPOs currently appointed by EU agencies. This list identified notably the DPOs for the EDPS as well as the European Court of Justice. The publication of this information not … Continue Reading
On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free. The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.… Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 6 November 2017.… Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 30 October 2017.… Continue Reading
The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments -these are now board-level concerns. Regardless of industry sector, size or commercial focus, companies not only … Continue Reading
The G29 is continuing its work to clarify GDPR with a view to its implementation in May 2018. The subject of personal data breach notification is not entirely new, as the reporting obligation, which will soon apply to all, already exists for communication service providers. However, these guidelines reiterate or provide more detailed information about … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 16 October 2017.… Continue Reading
The revised EU’s Payment Services Directive (PSD2) and EU’s General Data Protection Regulation (GDPR) will both come in force in 2018. Seemingly unconnected, these two regulatory initiatives share a common goal– putting customers in control of their own personal data and keeping that personal data safe. PSD2 is an update to the original Payment Service … Continue Reading
The Article 29 Working Party, the group of EU data protection authorities charged with agreeing European-wide guidance on GDPR, has published Guidelines on the Automated Individual Decision-Making and Profiling “WP251”. While the introduction of the concept of “profiling” in the GDPR is relatively new, it is not the case for automated individual decision-making, which is … Continue Reading
The Article 29 Working Party has adopted Guidelines on Data Protection Impact Assessments (DPIAs), following its consultation on a draft version published in April 2017. The final version provides additional guidance in a number of areas without materially changing the position. Further guidance is provided on the trigger for mandatory DPIAs – whether the processing … Continue Reading
While the GDPR compliance clock is ticking for companies, EU Member States have also been preparing for the implementation of the General Data Protection Regulation (“GDPR”) which will become enforceable on May 25, 2018. The GDPR will be directly applicable in all EU Member States without the need for implementing national laws. However, apart from … Continue Reading
Over the past two years, we have been assisting clients from all sectors to prepare for the implementation of the General Data Protection Regulation (“GDPR”), which will become enforceable on May 25, 2018. Whilst many companies are racing full throttle to be fully compliant by May 2018, others are just about to start the process or are … Continue Reading
On 23 August 2017, a draft bill establishing a Data Protection Authority (Wetsontwerp tot oprichting van de Gegevensbeschermingsautoriteit – Projet de loi portant creation d’Autorité de protection de données, “DPA Bill”) was introduced before the Belgian Parliament, as required by the General Data Protection Regulation (“GDPR”). The DPA Bill aims to reform the existing Commission … Continue Reading
On June 30, 2017, Germany passed its new Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU), the Act. The Act implements the European General Data Protection Regulation (GDPR) and will enter into force on 25 May 2018. It will replace the former German Data Protection Act (BDSG), which has been in force for nearly four … Continue Reading
