In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP's position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the article ...
On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are to be ...
Only 24 business days before The European General Data Protection Regulation (wet AVG) will enter into effect. Though many companies approach compliance activities as a purely legal matter, the GDPR is more than a necessary business requirement. In this GDPR Workshop, hosted by ICT Legal Consulting International, Professor Dr. Paolo Balboni will present a strategic ...
The European Data Protection Supervisor has called for a smarter approach to information sharing to address challenges relating to security and border management in its Opinion 4/2018 on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems.
In light of the recent Cambridge Analytica scandal, the Article 29 WP has announced that it fully supports investigations by national DPAs concerning the collection and use of personal data through our omnipresent use of social media, declaring that it will create a Social Media Working Group to work on the matter. Read the official press release ...
Want to know how to handle data breaches under the GDPR? Join me and Tresorit CEO and co-founder Istvan Lam on April 25th 2018 for a webinar where we will help you understand what exactly is considered a data breach under the GDPR, when you have to report an incident and to whom, who is liable for ...
On February 1st 2018 the Italian Data Protection Authority (DPA) published the inspection plan for the first semester of 2018. According to this inspection plan, the Italian DPA will focus its controls on processing activities of health data for research purposes, rating the solvency of enterprises, national statistical systems, the Italian Public System of Digital Identity ...
The EDPS has published new Guidelines on the processing of personal data through information systems for EU institutions which include 26 recommendations for EU institutions to follo win order to better their own own accountability with respect to the information systems and databases they make use of. Read the complete "Guidelines on the protection of personal ...
My latest academic publication, "Controversies and Challenges of Trustmarks: Lessons for Privacy and Data Protection Seals", has recently been published in Privacy and Data Protection Seals, IT & Law Series Volume 28, distributed for T.M.C. Asser Press by Springer. My contribution explores data protection seals and their relative challenges and controversies, highlighting significant aspects from the ...
On 16 March the European Data Protection Supervisor published new Guidelines on the use of cloud computing services by the European institutions and bodies. The Guidelines provide suggestions and instructions for EU institutions in order to further compliance with Regulation (EC) No. 45/2001. The Guidelines deal specifically with: - how to assess the appropriateness of the ...
Top-tier ICT, privacy & data protection lawyer and Founding Partner of ICT Legal Consulting. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity within the Maastricht University Faculty of Law. President of the European Privacy Association. Lead Auditor BS ISO/IEC 27001:2013 (IRCA Certified).
Read more
CONNECT