According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...
The 4th meeting of the EDPB takes place today on 16 November 2018. The Agenda for the meeting is available for consultation here. Topics for discussion and/or adoption included reorganisation of the EDPB subgroups, Brexit, the Consultation on COM’s draft question and answer document on interplay between Clinical Trial Regulation and GDPR: attribution of the topic ...
Last month I attended ENISA's Security of Personal Data Processing Event in Athens, Greece. The event was organised together with the Digital SME Alliance and the Hellenic Data Protection Authority. During the day experts in the field, including myself, shared their advice and journey of complying with the General Data Protection Regulation with a focus ...
On 6 November 2018 the ICO published it's report to Parliament (Investigation into the use of data analytics in political campaigns A report to Parliament 6 November 2018). The detailed report serves as an update to the ICO's ongoing investigation into the use of data analytics for political purposes which commenced in May 2017 and whose ...
On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...
Part 5. Core International Data Protection Principles: Purpose specification Another core principle of data protection is purpose specification, a primary instrument of international data protection that is closely related to the principles of data quality and use limitation. The purposes for which personal data are collected need to be specified before or at the latest, at the time ...
In light of the Facebook-Cambridge Analytica scandal, this past Thursday (25 October 2018) MEPs called for a full audit on Facebook in addition to new measures against interference in elections. The (non-binding) resolution (European Parliament resolution of 25 October 2018 on the use of Facebook users’ data by Cambridge Analytica and the impact on data protection (2018/2855(RSP)) adopted ...
Part 4. Core International Data Protection Principles: Collection limitation, lawfulness and fairness The principle of collection limitation with respect to personal data establishes that data should be collected by way of fair and lawful means, with the knowledge and when appropriate, the consent of the data subject as so to limit indiscriminate data collection. In the Smart ...
Part 3. Core International Data Protection Principles: Openness Accountability, collection limitation, purpose specification, use limitation, security, data quality, access and correction, and openness - these are all core principles of data protection that are so fundamental, they are internationally recognised. Let's start with Openness. Data controllers must always be open and transparent with respect to their developments, practices, ...
Part 2. Legal compliance = primary enabler of Smart Data and Data protection by design and by default As stated in the introductory post in this blog series, my aim is to develop a sound legal methodology for the generation of #SmartData from #bigdata in order to allow us to successfully harness value in massive datasets ...
Top-tier ICT, privacy & data protection lawyer and Founding Partner of ICT Legal Consulting. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity within the Maastricht University Faculty of Law. President of the European Privacy Association. Lead Auditor BS ISO/IEC 27001:2013 (IRCA Certified).
Read more
CONNECT