#Art29WP Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP's position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the article ...

#Art29WP publishes Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR

On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are to be ...

GDPR Workshop in Amsterdam

Only 24 business days before The European General Data Protection Regulation (wet AVG) will enter into effect. Though many companies approach compliance activities as a purely legal matter, the GDPR is more than a necessary business requirement. In this GDPR Workshop, hosted by ICT Legal Consulting International, Professor Dr. Paolo Balboni will present a strategic ...

EDPS calls for wider debate on the future of information sharing in the EU

The European Data Protection Supervisor has called for a smarter approach to information sharing to address challenges relating to security and border management in its Opinion 4/2018 on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems.   

Article 29 WP announces new Social Media Working Group

In light of the recent Cambridge Analytica scandal, the Article 29 WP has announced that it fully supports investigations by national DPAs concerning the collection and use of personal data through our omnipresent use of social media, declaring that it will create a Social Media Working Group to work on the matter. Read the official press release ...

Data breaches under the GDPR: A Webinar with Tresorit CEO and co-founder Istvan Lam

Want to know how to handle data breaches under the GDPR? Join me and Tresorit CEO and co-founder Istvan Lam on April 25th 2018 for a webinar where we will help you understand what exactly is considered a data breach under the GDPR, when you have to report an incident and to whom, who is liable for ...

Italian Data Protection Authority first semester 2018 inspection plan

On February 1st 2018 the Italian Data Protection Authority (DPA) published the inspection plan for the first semester of 2018. According to this inspection plan, the Italian DPA will focus its controls on processing activities of health data for research purposes, rating the solvency of enterprises, national statistical systems, the Italian Public System of Digital Identity ...

EDPS publishes “Guidelines on the protection of personal data in IT governance and IT management of EU institutions”

The EDPS has published new Guidelines on the processing of personal data through information systems for EU institutions which include 26 recommendations for EU institutions to follo win order to better their own own accountability with respect to the information systems and databases they make use of. Read the complete "Guidelines on the protection of personal ...

New Publication | Controversies and Challenges of Trustmarks: Lessons for Privacy and Data Protection Seals

My latest academic publication, "Controversies and Challenges of Trustmarks: Lessons for Privacy and Data Protection Seals", has recently been published in Privacy and Data Protection Seals, IT & Law Series Volume 28, distributed for T.M.C. Asser Press by Springer. My contribution explores data protection seals and their relative challenges and controversies, highlighting significant aspects from the ...

EDPS publishes new Guidelines on the use of cloud computing services by the European institutions and bodies

On 16 March the European Data Protection Supervisor published new Guidelines on the use of cloud computing services by the European institutions and bodies.   The Guidelines provide suggestions and instructions for EU institutions in order to further compliance with Regulation (EC) No. 45/2001.  The Guidelines deal specifically with: - how to assess the appropriateness of the ...