On June 14, 2017, the Belgian Privacy Commission released a Recommendation on the requirement to maintain internal records of data processing activities pursuant to Article 30 of the GDPR. This blog entry provides highlights on the Recommendation.… Continue Reading
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading
On June 21, 2017, in the Queen’s Speech to Parliament, the UK government confirmed its intention to press ahead with the implementation of the EU General Data Protection Regulation into national law.… Continue Reading
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On June 7, 2017, the European Commission published a paper signalling the EU’s intention to increase its role in directing cybersecurity policy and responses across its member states. … Continue Reading
Recently, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper. The White Paper sets forth guidance and recommendations on the key concepts of transparency, consent and legitimate interest under the EU General Data Protection Regulation.… Continue Reading
On June 2, 2017, in preparation for the first annual review of the EU-U.S. Privacy Shield framework, the European Commission has sent questionnaires to trade associations and other groups to seek information from their Privacy Shield-certified members on the experiences of such organizations during the first year of the Privacy Shield.… Continue Reading
The Centre for Information Policy Leadership at Hunton & Williams LLP recently submitted formal comments to the Article 29 Working Party’s Guidelines on Data Protection Impact Assessment and determining whether processing is "likely to result in a high risk" that were adopted on April 4, 2017.… Continue Reading
With just under one year to go before the EU General Data Protection Regulation becomes law across the European Union, the UK Information Commissioner’s Office has continued its efforts to help businesses prepare for the new law, including by issuing updated guidance and its Information Rights Strategic Plan 2017-2021. The ICO also has taken steps to address its own role post-Brexit.… Continue Reading
On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield, to take place in September 2017, is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating.… Continue Reading
On May 24, 2017, the Bavarian Data Protection Authority published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation.… Continue Reading
On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted its draft Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. The Guidelines aim to clarify when a data protection impact assessment is required under the EU GDPR.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted an Opinion on the Proposed Regulation of the European Commission for the ePrivacy Regulation. The Proposed ePrivacy Regulation is intended to replace the ePrivacy Directive and to increase harmonization of ePrivacy rules in the EU. … Continue Reading
On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading
On March 28, 2017, the French Data Protection Authority published its Annual Activity Report for 2016 and released its annual inspection program for 2017. The Report presents the main accomplishments in 2016 and highlights the diversified activity at both the national and EU level with the adoption of two major pieces of legislation.… Continue Reading
On March 15, 2017, the French data protection authority published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation that will become applicable on May 25, 2018. The six steps are outlined in this entry. … Continue Reading
Recently, the UK Information Commissioner’s Office published draft guidance regarding the consent requirements of the EU General Data Protection Regulation that sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice. … Continue Reading
On March 21, 2017, Hunton & Williams will host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. This blog entry provides more information on the event.… Continue Reading
Hunton & Williams LLP, in coordination with the U.S. Chamber of Commerce, recently issued a report that provides a series of recommendations to enhance the effectiveness of data privacy regulators. … Continue Reading
On March 1, 2017, Hunton & Williams senior consultant attorney Rosemary Jay presented evidence on the data protection reform package and the impact of Brexit to the UK Parliament’s House of Lords EU Home Affairs Sub-Committee meeting. … Continue Reading
On February 21, 2017, Sweet & Maxwell released a Guide to the General Data Protection Regulation, written by Hunton & Williams senior consultant attorney Rosemary Jay. This blog entry contains a link to purchase the book. … Continue Reading
On February 23, 2017, the French Data Protection Authority launched an online public consultation on three topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation. The three topics are consent, profiling and data breach notification. … Continue Reading
