5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR

The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018.  Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...

4th EDPB Plenary session recap

On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...

EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...

Big data, smart data, my data, your data: Smart data protection by design (Part 1)

“The oil of the 21st century”, “the fuel of the digital economy”, the “data gold rush”. There’s no doubt that data is playing an ever-more important role in both the global society and the economy. The former Article 29 Working Party, renamed European Data Protection Board on 25 May 2018, when the GDPR became directly applicable ...

Scenari internazionali della data protection alla luce del nuovo Dlgs 101/2018

Intervistato da Federprivacy, spiego gli scenari internazionali della data protection alla luce del nuovo D.lgs. 101/2018, durante una pausa della mia docenza al Master Privacy Officer e Consulente della Privacy. Guardate qui.

The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

100 cross-border cases in the Internal Market Information System (IMI) under investigation: consistency is paramount

After the second plenary meeting of the European Data Protection Board, which took place on 4 and 5 July 2018, a substantial increase in the number of complaints received by Supervisory authorities has emerged.  In fact, at present there are approximately 100 cross-border cases in the Internal Market Information System (IMI) under investigation. The first results ...

Let’s not forget about Data Protection by Design

One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...

European Union Agency for Fundamental Rights Releases its “Handbook on European data protection law – 2018 edition”

The European Union Agency for Fundamental Rights has released the updated 2018 edition of the "Handbook on European data protection law" which provides us with an understanding of the European Union and Council of Europe's applicable data protection legal frameworks. The handbook is particularly useful in that in addition to providing an overview of EU data protection law, it ...