Last week, at the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong, data protection authorities from around the world issued non-binding guidance on the processing of personal data collected by connected cars. … Continue Reading
On September 29, 2017 the French Data Protection Authority published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation.… Continue Reading
Last week, the Centre for Information Policy Leadership and several privacy team members at Hunton & Williams LLP attended the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. CIPL and Hunton also host several events during the conference.… Continue Reading
On September 20, 2017, the French Data Protection Authority announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation.… Continue Reading
On September 25, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Regulating for Results: Strategies and Priorities for Leadership and Engagement. The paper aims to stimulate dialogue about strategies and priorities for data protection authorities by putting forward a number of key questions.… Continue Reading
On September 19, 2017, the French Data Protection Authority launched an online public consultation on two topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation. These two topics are transparency and international data transfers.… Continue Reading
On September 14, 2017, the UK Government introduced a new Data Protection Bill to Parliament, which is intended to replace the UK's existing Data Protection Act 1998 and enshrine the GDPR into UK law once the UK has left the European Union.… Continue Reading
On July 25, 2017, the French Data Protection Authority published their decision on the adoption of several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes. The amendments reflect changes introduced by French law on December 9, 2016, regarding transparency, the fight against corruption and the modernization of the economy.… Continue Reading
On June 14, 2017, the Belgian Privacy Commission released a Recommendation on the requirement to maintain internal records of data processing activities pursuant to Article 30 of the GDPR. This blog entry provides highlights on the Recommendation.… Continue Reading
As reported in BNA Privacy Law Watch, on July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law.… Continue Reading
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
On May 24, 2017, the Bavarian Data Protection Authority published a questionnaire to help companies assess their level of implementation of the EU General Data Protection Regulation.… Continue Reading
On April 13, 2017, the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information published an English translation of the draft Standard Data Protection Model. The SDM was adopted in November 2016 at the Conference of the Federal and State Data Protection Commissioners. … Continue Reading
On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted its draft Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. The Guidelines aim to clarify when a data protection impact assessment is required under the EU GDPR.… Continue Reading
On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading
On March 28, 2017, the French Data Protection Authority published its Annual Activity Report for 2016 and released its annual inspection program for 2017. The Report presents the main accomplishments in 2016 and highlights the diversified activity at both the national and EU level with the adoption of two major pieces of legislation.… Continue Reading
On March 15, 2017, the French data protection authority published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation that will become applicable on May 25, 2018. The six steps are outlined in this entry. … Continue Reading
Hunton & Williams LLP, in coordination with the U.S. Chamber of Commerce, recently issued a report that provides a series of recommendations to enhance the effectiveness of data privacy regulators. … Continue Reading
On February 21, 2017, Sweet & Maxwell released a Guide to the General Data Protection Regulation, written by Hunton & Williams senior consultant attorney Rosemary Jay. This blog entry contains a link to purchase the book. … Continue Reading
On February 23, 2017, the French Data Protection Authority launched an online public consultation on three topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation. The three topics are consent, profiling and data breach notification. … Continue Reading
On February 20, 2017, the Article 29 Working Party issued a template complaint form and Rules of Procedure that clarify the role of the EU Data Protection Authorities in resolving EU-U.S. Privacy Shield-related complaints.… Continue Reading
On February 15, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted two sets of formal comments to the Article 29 Working Party. CIPL commented on the Guidelines for identifying a controller or processor’s lead supervisory authority, and on the Guidelines on the right to data portability.… Continue Reading
