The ICO has confirmed a small, but important, change to the time limits for responding to subject access requests (SARs) under the GDPR. Calculation of the one-month time limit should begin from the date on which the request was received, not the day after. Therefore, if a request is received on 3rd September, the deadline … Continue Reading
Pursuant to Article 35.4 of the RGPD (GDPR), the CNIL has published a list of 14 categories of processing activities for which it deems it necessary to perform a Data Protection Impact Assessment (DPIA). On its website, the CNIL also provides examples of the types of processing activities for each of these categories.… Continue Reading
In May this year, the General Data Protection regulation (GDPR) brought with it a new Data Subject Access Requests (DSAR) regime. We expect that the ICO will update its Code of Practice shortly. Until then, Andrew Peters of our Labour & Employment team has prepared a five-part blog series which discusses practical concerns for UK … Continue Reading
One of the new obligations introduced by the General Data Protection Regulation (GDPR) is to prepare a data protection impact assessment (DPIA) for certain types of processing operations – i.e., those which are likely to result in a high risk. To put it simply, a DPIA is a process for building and demonstrating compliance with the … Continue Reading
On May 8, Georgia governor Nathan Deal vetoed Senate Bill 315, a proposed cybersecurity law imposing penalties of up to one year in jail and a $5,000 fine for “unauthorized computer access.” In his veto, Governor Deal expressly cited concerns with the “national security implications” of the bill. He noted the it could “inadvertently hinder … Continue Reading