The Belgian Privacy Commission (the “Belgian DPA”) recently released a Recommendation (in French and Dutch) on Data Protection Impact Assessment (“DPIA”) and the prior consultation requirements under Articles 35 and 36 of the EU General Data Protection Regulation (“GDPR”) (the “Recommendation”). The Recommendation aims to provide guidance on the core elements and requirements of a DPIA, the different actors involved and specific provisions. Continue Reading Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessment

On March 29, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its draft guidelines on the accreditation of certification bodies under the GDPR (the “Guidelines”). The Guidelines were adopted by the Working Party on February 6, 2018, for public consultation. Continue Reading CIPL Submits Comments to Article 29 Working Party’s Draft Guidelines on the Accreditation of Certification Bodies under the GDPR

On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued a factsheet outlining relevant GDPR provisions for negotiations surrounding the proposed ePrivacy Regulation (the “Factsheet”). Continue Reading CIPL Issues Factsheet on Key Issues Relating to the Relationship Between the Proposed ePrivacy Regulation and the GDPR

On March 26, 2018, the U.S. Department of Commerce posted an update on the actions it has taken between January 2017 and March 2018 to support the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”). The update details measures taken in support of commercial and national security issues relating to the Privacy Shield. Continue Reading U.S. Department of Commerce Posts Update of Actions to Support the Privacy Shield Frameworks

On March 26, 2018, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released its second Global GDPR Readiness Report (the “Report”), detailing the results of a joint global survey launched in July 2017 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”). The Report tracks the GDPR implementation efforts of over 235 multinational organizations, and builds on the findings of the first Global GDPR Readiness Report by providing insights on key changes in readiness levels from 2016 to 2017. Continue Reading CIPL and AvePoint Release Second Global GDPR Readiness Report

Hunton & Williams LLP is pleased to announce that Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership (“CIPL”), has been selected as Chair for the Bailiwick of Guernsey’s new data protection authority. Adding the appointment to his position at CIPL, Thomas will be formally appointed in May and will work with the Data Protection Commissioner and the States of Guernsey to support the island’s regulatory framework in conjunction with the introduction of its new data protection law. Thomas will work on a shadow basis until his formal appointment, and the role is expected to command between 10 and 15 days per year. Continue Reading Richard Thomas Selected as Chair for Guernsey’s New Data Protection Authority

The Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP is pleased to announce that Nathalie Laneret will be joining CIPL as Director of Privacy Policy in May. She brings more than 20 years of experience in data protection policy both in-house and in private practice. She is admitted to the New York and Paris bars and has experience in both France and in the U.S. on data protection, IT and security matters, contracts, competition law, compliance issues and litigation. Continue Reading CIPL Welcomes Nathalie Laneret as New Director of Privacy Policy

On March 6, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a white paper on GDPR Implementation in Respect of Children’s Data and Consent (the “White Paper”). The White Paper sets forth guidance and recommendations concerning the application of GDPR requirements to the processing of children’s personal data. The White Paper also highlights and addresses several issues raised by the Article 29 Working Party (the “Working Party”) with regard to children in its guidelines on consent and issues raised by the UK Information Commissioner’s Office in its Consultation on Children and the GDPR. Continue Reading CIPL Issues White Paper on GDPR Implementation in Respect of Children’s Data and Consent

On February 12, 2018, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) published on its website (in English and French) a form to be used for the purpose of compliance with data breach notification requirements applicable under the EU General Data Protection Regulation (the “GDPR”). The CNPD also published questions and answers (“Q&As”) regarding the requirements (only available in French). Continue Reading Luxembourg DPA Publishes Data Breach Reporting Form

On February 7, 2018, representatives of European Data Protection Authorities (“DPAs”) met in Brussels to appoint the new leader of the current Article 29 Data Protection Working Party (the “Working Party”). Andrea Jelinek, head of the Austrian DPA, was elected to the post and will replace Isabelle Falque-Pierrotin, leader of the French DPA, who has represented the Working Party over the past four years. Continue Reading Head of Austrian DPA Appointed Chair of Article 29 Working Party