Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
On May 24, 2017, the Bavarian Data Protection Authority published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation.… Continue Reading
On April 13, 2017, the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information published an English translation of the draft Standard Data Protection Model. The SDM was adopted in November 2016 at the Conference of the Federal and State Data Protection Commissioners. … Continue Reading
On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted its draft Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. The Guidelines aim to clarify when a data protection impact assessment is required under the EU GDPR.… Continue Reading
On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading
On March 28, 2017, the French Data Protection Authority published its Annual Activity Report for 2016 and released its annual inspection program for 2017. The Report presents the main accomplishments in 2016 and highlights the diversified activity at both the national and EU level with the adoption of two major pieces of legislation.… Continue Reading
On March 15, 2017, the French data protection authority published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation that will become applicable on May 25, 2018. The six steps are outlined in this entry. … Continue Reading
Hunton & Williams LLP, in coordination with the U.S. Chamber of Commerce, recently issued a report that provides a series of recommendations to enhance the effectiveness of data privacy regulators. … Continue Reading
On February 21, 2017, Sweet & Maxwell released a Guide to the General Data Protection Regulation, written by Hunton & Williams senior consultant attorney Rosemary Jay. This blog entry contains a link to purchase the book. … Continue Reading
On February 23, 2017, the French Data Protection Authority launched an online public consultation on three topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation. The three topics are consent, profiling and data breach notification. … Continue Reading
On February 20, 2017, the Article 29 Working Party issued a template complaint form and Rules of Procedure that clarify the role of the EU Data Protection Authorities in resolving EU-U.S. Privacy Shield-related complaints.… Continue Reading
On February 15, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted two sets of formal comments to the Article 29 Working Party. CIPL commented on the Guidelines for identifying a controller or processor’s lead supervisory authority, and on the Guidelines on the right to data portability.… Continue Reading
Pablo Palazzi, from Buenos Aires law firm Allende & Brea, reports that earlier this month, the Argentine Data Protection Agency posted the first draft of a new data protection bill on its website. The Draft Bill is heavily based on the EU GDPR and maintains the structure of Argentina’s current data protection bill.… Continue Reading
On January 25, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted formal comments to the Article 29 Working Party's Guidelines on Data Protection Officers.… Continue Reading
On January 16, 2017, the Article 29 Working Party published further information about its Action Plan for 2017, which sets forth the Working Party’s priorities and objectives in the context of implementation of the EU GDPR for the year ahead.… Continue Reading
On January 3, 2017, as reported in Bloomberg Law: Privacy and Data Security, Chilean legislators are soon expected to consider a new data protection law which would impose new privacy compliance standards and certain enforcement provisions on companies doing business in Chile. … Continue Reading
On December 15, 2016, the Article 29 Data Protection Working Party issued a press release announcing its December 13, 2016, adoption and release of three sets of guidelines and FAQs on key implementation issues under the EU General Data Protection Directive. … Continue Reading
On November 30, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper on The One-Stop-Shop and the Lead DPA as Co-operation Mechanisms in the GDPR.… Continue Reading
On November 23, 2016, Bloomberg BNA reported that the Hague Administrative Court in the Netherlands upheld a decision by the Dutch Data Protection Authority that WhatsApp was in breach of the Dutch Data Protection Act. … Continue Reading
On November 18, 2016, the Argentina Data Protection Agency (“DPA”) announced that it had issued DNPDP Disposition 60 – a new regulation on international transfers of personal data (the “Regulation”). … Continue Reading
On November 10, 2016, Moscow’s Court of Appeal upheld a lower court’s decision that LinkedIn violated Russia’s data localization law requiring Russian personal data to be stored within Russian territory. Roskomnadzor, Russia’s data protection authority, is now set to block access to the social media website across Russia.… Continue Reading
On October 20, 2016, the Centre for Information Policy Leadership hosted a side workshop at the International Conference of Data Protection & Privacy Commissioners focused on transparency and risk assessment, entitled “The Role of Risk Assessment and Transparency in Enabling Organizational Accountability in the Digital Economy.”… Continue Reading
