On June 20, 2017, the UK Information Commissioner’s Office published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. The revisions more closely align the ICO’s position with the court’s judgments.… Continue Reading
The Centre for Information Policy Leadership at Hunton & Williams LLP recently submitted formal comments to the Article 29 Working Party’s Guidelines on Data Protection Impact Assessment and determining whether processing is "likely to result in a high risk" that were adopted on April 4, 2017.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted its draft Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. The Guidelines aim to clarify when a data protection impact assessment is required under the EU GDPR.… Continue Reading
On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading
On March 15, 2017, the French data protection authority published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation that will become applicable on May 25, 2018. The six steps are outlined in this entry. … Continue Reading
Recently, the UK Information Commissioner’s Office published draft guidance regarding the consent requirements of the EU General Data Protection Regulation that sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice. … Continue Reading
On February 21, 2017, Sweet & Maxwell released a Guide to the General Data Protection Regulation, written by Hunton & Williams senior consultant attorney Rosemary Jay. This blog entry contains a link to purchase the book. … Continue Reading
On February 15, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted two sets of formal comments to the Article 29 Working Party. CIPL commented on the Guidelines for identifying a controller or processor’s lead supervisory authority, and on the Guidelines on the right to data portability.… Continue Reading
Pablo Palazzi, from Buenos Aires law firm Allende & Brea, reports that earlier this month, the Argentine Data Protection Agency posted the first draft of a new data protection bill on its website. The Draft Bill is heavily based on the EU GDPR and maintains the structure of Argentina’s current data protection bill.… Continue Reading
On November 30, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper on The One-Stop-Shop and the Lead DPA as Co-operation Mechanisms in the GDPR.… Continue Reading
On November 19, 2016, the French government enacted a bill creating a legal basis for class actions against data controllers and processors resulting from data protection violations. The bill establishes a general class action regime and includes specific provisions regarding data protection violations.… Continue Reading
On November 18, 2016, the Argentina Data Protection Agency (“DPA”) announced that it had issued DNPDP Disposition 60 – a new regulation on international transfers of personal data (the “Regulation”). … Continue Reading
On November 9, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation. … Continue Reading
On October 7, 2016, the French Digital Republic Bill (the “Bill”) was enacted after a final vote from the Senate. The Bill aligns the French legal data protection framework with the EU General Data Protection Regulation (“GDPR”) requirements before the GDPR becomes applicable in May 2018.… Continue Reading
On October 7, 2016, the Article 29 Working Party published a summary of the discussions that took place at its Fablab workshop entitled GDPR/from concepts to operational toolbox, DIY, which took place on July 26, 2016, in Brussels. … Continue Reading
On September 16, 2016, the Belgian Data Protection Authority published a 13-step guidance document to help organizations prepare for the EU General Data Protection Regulation.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
On July 20, 2016, the French Data Protection Authority announced that it issued a formal notice to Microsoft Corporation ordering the company to address several alleged violations of the French Data Protection Act concerning the Windows 10 operating system.… Continue Reading
On June 30, 2016, a joint committee composed of representatives from both chambers of the French Parliament reached a common position on the French ‘Digital Republic’ Bill that rejects the data localization amendment previously approved by the French Senate, but significantly amends other aspects of the French Data Protection Act. … Continue Reading
On June 17, 2016, the National Privacy Commission of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012, for public consultation. This blog entry provides a summary of the draft guidelines.… Continue Reading
On June 16, 2016, the French Data Protection Authority launched a public consultation on the four priority topics identified in the Article 29 Working Party's action plan for the implementation of the EU General Data Protection Regulation.… Continue Reading
On May 24, 2016, the European Data Protection Supervisor presented its Annual Report for 2015. The annual report provides an overview of the EDPS’ primary activities in 2015 and sets forth key priorities and challenges for 2016. … Continue Reading
After four years of drafting and negotiations, the long awaited EU General Data Protection Regulation has been adopted at the EU level. This blog entry highlights key aspects of the Regulation.… Continue Reading
On April 13, 2016, the Article 29 Working Party published its Opinion on the EU-U.S. Privacy Shield draft adequacy decision. The Working Party also published a Working Document on the justification for interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data.… Continue Reading
