Showing Posts In "General Data Protection Regulation & Data Protection Laws" Category
A new brief from Osborne and Clarke discusses recent data breaches; the recurring themes of transparency and consent; the exercise of data subjects’ rights; and the increasingly important role that audits and dawn raids are likely to play, as DPAs emerge from behind their computer screens. It notes that 2018 was a busy year for […]
A four-part series of articles examines national legislation, opinions, and enacted guidelines clarifying the GDPR’s requirements. Subsequent articles in the series will cover data protection impact assessments, claims alleging violations of the GDPR, enforcement actions, and fines that have been issued. The first article helps companies to clarify whether their organization’s HR data processing is […]
The European Commission has released a study on GDPR data protection certification mechanisms. The study’s key takeaways include: the GDPR does not limit the subject matter to one specific area; valuable insight can be gained from analyzing existing certifications, assessment methodologies, contractual arrangements and audit processes in other industries; data protection authorities will need to […]
Although the GDPR went into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR. BCLP has published a multi-part series that discusses the questions most frequently asked concerning the GDPR. One topic addressed includes whether processors are required to fully indemnify controllers for all […]
How are businesses dealing with privacy complaints under GDPR? As the deadline approached last year, companies scrambled to update their data protection practices. Following a long period of adjustment, however, GDPR requirements have become normalized into existing compliance programs. What many companies were ill prepared for was the onslaught of consumers exercising their rights under […]
Unlocking the EU General Data Protection Regulation:A practical handbook on the EU’s new data protection law
This Handbook is designed to enable privacy professionals and legal functions within an organisation to quickly identify the issues that are of primary importance to that organisation, and determine how best to address those issues. EU data protection law affects all organisations in the EU (and some organisations outside the EU—see Chapter 4). Many organisations that […]
Data subject access requests (DSARs) can be made under the General Data Protection Regulation (GDPR) or under the Data Protection Act 2018, but schools and colleges are increasingly showing concern regarding the effective way to deal with such requests. Most of the time, DSARs are coming from staff members, parents or pupils, but children have […]
Even though the May 25, 2018, compliance deadline for the General Data Protection Regulation (GDPR) has passed, data protection compliance has not ended. Working with the GDPR, the Data Protection Act 2018 (DPA) works with the GDPR and introduces additional requirements that businesses will need to watch out for, including obtaining an appropriate policy document. […]
Is There a Specific Amount of Data Which Qualifies as Large Scale for the Purpose of Determining Whether a Data Protection Officer Must be Appointed or a Data Protection Impact Assessment Must be Performed?
As part of a series addressing the questions most frequently asked by clients concerning the General Data Protection Regulation (GDPR), Bryan Cave Leighton Paisner offered insight into the question: Is there a specific amount of data which qualifies as large scale for the purpose of determining whether a Data Protection Officer must be appointed or […]
GDPR: The Most Frequently Asked Questions: How Much Time Does a Company Have to Respond to an Access Request?
According to Bryan Cave Leighton Paisner LLP, questions still surround the requirements of the General Data Protection Regulation (GDPR), even though it has been in force since May. In answer to the question about how much time a company has to respond to an access request, Paisner had this to say: The GDPR requires that […]