Data Controller

Subscribe to Data Controller

The European Data Protection Board (“EDPB”) recently published 22 Opinions on the draft lists of Supervisory Authority (“SAs”) in EU Member States regarding which processing operations are subject to the requirement of conducting a data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (“GDPR”). Continue Reading EDPB Adopts Opinions on National DPIA Lists in the EU

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. Continue Reading CNIL Publishes Initial Assessment on Blockchain and GDPR

On July 23, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued two new discussion papers on the Central Role of Organizational Accountability in Data Protection. The goal of these discussion papers is to show that organizational accountability is pivotal to effective data protection and essential for the digital transformation of the economy and society, and to emphasize how its many benefits should be actively encouraged and incentivized by data protection authorities (“DPAs”), and law and policy makers around the globe. Continue Reading CIPL Issues Discussion Papers on the Central Role of Accountability in Data Protection

On May 30, 2018, the European Data Protection Board (“EDPB”), replacing the Article 29 Working Party, published the final version of Guidelines 2/2018 on derogations in the context of international data transfers and draft Guidelines 1/2018 on certification under the EU General Data Protection Regulation (“GDPR”).  Continue Reading EDPB Published Guidelines on Certification and Derogations under the GDPR

On May 29, 2018, Bojana Bellamy published a letter on the importance and value of data protection officers (“DPOs”) on the International Association of Privacy Professionals’ Privacy Perspectives blog, entitled A Letter to the Unsung Hero of the GDPR (the “Letter”). The Letter acknowledges the herculean efforts and boundless commitment DPOs and those in a similar role have demonstrated in preparing their organizations for the GDPR. Continue Reading Data Protection Officers: The Unsung Heroes of the GDPR

On May 16, 2018, the Irish Data Protection Bill 2018 (the “Bill”) entered the final committee stage in Dáil Éireann (the lower house and principal chamber of the Irish legislature). The Bill was passed by the Seanad (the upper house of the legislature) at the end of March 2018. In the current stage, final statements on the Bill will be made before it is signed into law by the President. Continue Reading Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

On April 11, 2018, the Article 29 Working Party (the “Working Party”) adopted two Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data (the “Recommendations”). Binding Corporate Rules (“BCRs”) are one of the mechanisms offered to companies to transfer data outside the European Economic Area to a country which does not provide an adequate level of protection for the data according to Article 45 of the GDPR. These Recommendations, in the form of questionnaires, are intended to help BCR applicants demonstrate how they fulfill the requirements of Article 47 of the GDPR. Continue Reading Article 29 Working Party Releases Updated Standard Application Forms for BCRs

On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued a factsheet outlining relevant GDPR provisions for negotiations surrounding the proposed ePrivacy Regulation (the “Factsheet”). Continue Reading CIPL Issues Factsheet on Key Issues Relating to the Relationship Between the Proposed ePrivacy Regulation and the GDPR

On March 26, 2018, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released its second Global GDPR Readiness Report (the “Report”), detailing the results of a joint global survey launched in July 2017 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”). The Report tracks the GDPR implementation efforts of over 235 multinational organizations, and builds on the findings of the first Global GDPR Readiness Report by providing insights on key changes in readiness levels from 2016 to 2017. Continue Reading CIPL and AvePoint Release Second Global GDPR Readiness Report

On February 12, 2018, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) published on its website (in English and French) a form to be used for the purpose of compliance with data breach notification requirements applicable under the EU General Data Protection Regulation (the “GDPR”). The CNPD also published questions and answers (“Q&As”) regarding the requirements. Continue Reading Luxembourg DPA Publishes Data Breach Reporting Form