UK
EDPB: Position on Contact Tracing
During its 30th plenary session, the EDPB adopted a statement on data subject rights in connection to the state of emergency in Member States. The Board also adopted a letter in response to a letter from Civil Liberties Union for Europe, Access Now and the Hungarian Civil Liberties Union (HCLU)…
Read More »GDPR Fines Tracker & Statistics
The GDPR fines tracker was initially created as an in-house tool to aid the research proces because our writers had found it difficult to get accurate breakdowns of statistics that could be used within articles. We quickly decided that turning the tool into a referencable page would not only speed…
Read More »Free Webinar: Claude Saulnier’s “Got RoPA, no cry” (set to the music of Bob Marley)
Okay, this won’t be a musical but will be an entertaining discussion on how and why you should keep Records of Processing Activities as per Article 30 of the GDPR. Did you know that every organisation should be keeping RoPA – the exception is not a blanket one? If this…
Read More »Organisational roles and functions for explaining AI
At a glance Anyone involved in the decision-making pipeline has a role to play in contributing to an explanation of a decision supported by an AI model’s result. This includes what we have called the AI development team, as well as those responsible for how decision-making is governed in your…
Read More »UK contact-tracing app could fall foul of privacy law, government told
The NHS contact-tracing app must not be rolled out across the UK until the government has increased privacy and data protections, an influential parliamentary committee has said, as rights groups warn that the current trial is unlawful under the Data Protection Act. The joint committee on human rights said on…
Read More »One, smart (and legally compliant) cookie.
Last year, I had the privilege of chairing and moderating a panel of data protection/privacy lawyers speaking on European General Data Protection Regulation (GDPR) developments at the Ontario Bar Association’s (OBA) “Privacy Law Summit”. The Privacy Law Summit is a Continuing Professional Development (CPD) conference organized annually by the Privacy and…
Read More »Return to Sender: Data Breaches and Email Correspondence
14th May 2020 Data controllers in both the private and public sector issue and receive large volumes of email correspondence on a daily basis. While email is a valued and effective communication tool, it can be the source of a number of common data protection breaches. Typically, most data breaches…
Read More »Reporting to the Board on Privacy Compliance: What, Why, How?
Broadcast date: Wednesday, May 13, 2020 Time: 8:00–9:00 a.m. PT, 11:00 a.m.–noon ET, 5:00–6:00 p.m. CET Looking back, it’s clear the EU General Data Protection Regulation was a defining moment in getting boards to pay attention to organizational privacy compliance. No doubt, for U.S. companies, the California Consumer Privacy Act…
Read More »6 Steps to Prepare for GDPR
On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. The six steps are summarized below. Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”…
Read More »GDPR & Electronic Discovery: What to Do Before, During and After Litigation
The European Union’s widely anticipated General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Designed to provide EU citizens with better control over their personal data, this comprehensive reform of data protection in the EU has far-reaching implications. But how and to what extent will this new…
Read More »
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
