The new rules governing the protection of personal data in EU institutions and the formal duties of the EDPS are established in Regulation (EU) 2018/1725 which replaces Regulation (EC) No 45/2001. As the EDPS pointed out in it's recent press release, the adoption of this regulation represents a fundamental step in the completion of the EU data protection framework. What's ...
12Dec 2018
Cloud Security Alliance Announces 2018 Ron Knode Service Award
I am extremely honoured to share the news that I have been recognised by the Cloud Security Alliance (CSA) as a recipient of the seventh annual Ron Knode Service Award along with five other members for excellence in volunteerism and dedication in furthering cloud security best practices that help ensure a secure cloud computing environment. The Cloud Security Alliance us the world’s leading organization dedicated ...
10Dec 2018
The New Frontier of Competition in the Digital Market: Personal Data Protection, My Lecture for the Maastricht University Star Lecture in Brussels
13 lectures in 13 different cities and 5 countries on the same day at the same time, the UM Star Lectures. On 7 February 2019, I will lecture as part of this traditional series of lectures for alumni. The event is organised to reach out to and inspire alumni, share academic insights, experiences and memories and to create ...
09Dec 2018
5th EDPD Plenary Session: EU-Japan draft adequacy decision, DPIA lists, Artile 43 GDPR
The 5th EDPD Plenary Session took place last week on 4 and 5 December 2018. Main points of the agenda included the EU-Japan draft adequacy decision, the adoption of opinions on the Data Protection Impact Assessment (DPIA) lists submitted by Denmark, Croatia, Luxembourg and Slovenia, and the revision of the Article 29 Working Party guidelines on accreditation. ...
20Nov 2018
4th EDPB Plenary session recap
On 16 November the European Data Protection Authorities gathered for the 4th plenary session of the European Data Protection Board and yesterday, 19 November, a summary of some of the most important aspects discussed at the meeting was published providing an update on the EU-Japan draft adequacy decision, Clinical Trials Regulation and territorial scope. Here are the main ...
18Nov 2018
Garante Privacy: “Taking Stock Of The First 4 Months Of Implementing The GDPR”
According to the Italian DPA, the Garante Privacy, as of 28 September 2018, four months after the GDPR became fully applicable in Italy: 40,738 appointed DPO's contact information was communicated 2,547 complaints and reports were received 305 data breach notifications were made 7,200 requests to the Garante's font office were made These numbers show a significant ...
16Nov 2018
Agenda of the 4th EDPB meeting
The 4th meeting of the EDPB takes place today on 16 November 2018. The Agenda for the meeting is available for consultation here. Topics for discussion and/or adoption included reorganisation of the EDPB subgroups, Brexit, the Consultation on COM’s draft question and answer document on interplay between Clinical Trial Regulation and GDPR: attribution of the topic ...
16Nov 2018
My contribution at ENISA’s Security of Personal Data Processing Event
Last month I attended ENISA's Security of Personal Data Processing Event in Athens, Greece. The event was organised together with the Digital SME Alliance and the Hellenic Data Protection Authority. During the day experts in the field, including myself, shared their advice and journey of complying with the General Data Protection Regulation with a focus ...
11Nov 2018
ICO’s report updates investigation into the use of data analytics in political campaigns
On 6 November 2018 the ICO published it's report to Parliament (Investigation into the use of data analytics in political campaigns A report to Parliament 6 November 2018). The detailed report serves as an update to the ICO's ongoing investigation into the use of data analytics for political purposes which commenced in May 2017 and whose ...
06Nov 2018
EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities
On 26 September 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that ...
CONNECT