EU

On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation (“GDPR”) related to the appointment of a data protection officer (“DPO”). Following the notification of a…

Broadcast date: Wednesday, May 13, 2020 Time: 8:00–9:00 a.m. PT, 11:00 a.m.–noon ET, 5:00–6:00 p.m. CET Looking back, it’s clear the EU General Data Protection Regulation was a defining moment in getting boards to pay attention to organizational privacy compliance. No doubt, for U.S. companies, the California Consumer Privacy Act…

This is a hotly debated question that has different answers in different legal jurisdictions. Under the EU General Data Protection Regulation and EU case law, IP addresses (both static and dynamic) are considered personal data, while definitions of personal information in the U.S. Privacy Act and many state privacy laws…

Image Credits: Vinicius Massuela/EyeEm / Getty Images You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. Not if you need to be compliant with European data protection law. That’s the unambiguous message from the…

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. The six steps are summarized below. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”…

The European Union’s widely anticipated General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Designed to provide EU citizens with better control over their personal data, this comprehensive reform of data protection in the EU has far-reaching implications. But how and to what extent will this new…

The early fines to American tech firms will reveal another level of guidance from the Data Protection Authorities. First you should read the LAW. Then seek clarity from the official guidance documents. Then finally, look to the details of the violations. WHAT they fine for is critical information for operations…

For many organisations, the appointment of the DPO has been one of the more complicated requirements to deal with under the GDPR. The detailed description of the workload, the high requirements in terms of expertise, but also the expectations of the Article 29 Working Party guidelines in terms of availability…

Key points:European Data Protection Law requires appropriate technical and organizational measures to implement the data protection principles and safeguard individual rights. This is called ‘data protection by design and by default’.In essence, this means controllers must integrate or ‘bake in’ data protection into processing activities and business practices from the design stage and throughout the…

Privacy by design is a fairly old concept in systems engineering and its general meaning is pretty obvious. Wikipedia describes it as “not about data protection” but rather “designing so data doesn’t need protection,” with the “root principle based on enabling service without data control transfer from the citizen to the…