The importance of the Records of processing activities (Art. 30 GDPR)

A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and ...

Let’s not forget about Data Protection by Design

One month after the EU's General Data Protection Regulation has become directly applicable in all EU Member States, I would like to take the opportunity to consider the importance of what I deem to be a fundamental pillar of privacy and data protection: Data Protection by Design/Default (“DPbD”). What is data protection ‘by design’ and ‘by default’? ...

#Art29WP Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP's position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the article ...

#Art29WP publishes Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR

On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are to be ...

GDPR Workshop in Amsterdam

Only 24 business days before The European General Data Protection Regulation (wet AVG) will enter into effect. Though many companies approach compliance activities as a purely legal matter, the GDPR is more than a necessary business requirement. In this GDPR Workshop, hosted by ICT Legal Consulting International, Professor Dr. Paolo Balboni will present a strategic ...

Data breaches under the GDPR: A Webinar with Tresorit CEO and co-founder Istvan Lam

Want to know how to handle data breaches under the GDPR? Join me and Tresorit CEO and co-founder Istvan Lam on April 25th 2018 for a webinar where we will help you understand what exactly is considered a data breach under the GDPR, when you have to report an incident and to whom, who is liable for ...

Only 70 days left. Are you ready?

In just 70 days the European Union will have a single set of data protection laws, the long-awaited General Data Protection Regulation. The Regulation will not only protect the fundamental right to privacy and personal data protection of individuals, but in harmonising national legislations will facilitate compliance for businesses.  

EC publishes Communication on General Data Protection Regulation

On 24 January 2018 the European Commission  published a Communication to the European Parliament and the Council Stronger protection, new opportunities - Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018. The Communication: details the opportunities new European data protection legislation will provide explains what the EC and ...