GDPR regulatory news round-up from Europe – April 2018

Document created by Rakesh Jha FIP CIPP/E CIPM PMP CSM on Apr 30, 2018

UK: ICO updates GDPR guidance on security

The ICO has released updated guidance in relation to data security under the GDPR. The checklist assists organisations in the assessment of risks presented by the processing of personal data, and the implementation of the appropriate level of security necessary.

Read more (in English) »

UK: ICO releases GDPR lawful basis tool

The Information Commissioner's Office (ICO) has released an interactive tool to help organisations determine which lawful basis of processing to rely on under the GDPR.

Use the tool (in English) »

Italy: DPA issues statement on enforcement under the GDPR

The Italian Data Protection Authority (Garante per la protezione dei dati personali) has denied that it had issued any opinion about postponing investigations and enforcement actions in relation to the GDPR.

Read more (in Italian) »

EU: WP29 releases recommendations on standard BCR-C and BCR-P applications

The Article 29 Working Party (WP29) has released recommendations on the standard application for the approval of binding corporate rules for data controllers (BCR-C) and processors (BCR-P) for transferring personal data. In particular, the WP29 highlighted that the recommendations aim to update its previous documentation and align it with the GDPR, and are intended to help applicants meet the requirements set out in Article 47 of the GDPR.

Download the BCR-C recommendations here and the BCR-P recommendations here (in English)

France: CNIL publishes GDPR guidance for SMMEs and security of personal data

The French data protection authority (CNIL) has published GDPR guidance for micro, small and medium-sized enterprises. The guidance includes a practical guide to GDPR awareness and three guides on data processing in relation to communicating and selling online, customer relationships and employment relationships respectively. The security of personal data guidance serves as a reminder that basic precautions should be implemented systematically.

Read more on SMMEs and security of personal data (in French) »

EU: WP29 adopts finalised guidelines on consent and transparency under GDPR

The WP29 has adopted finalised guidelines on consent and transparency. The guidelines provide an analysis of consent under the GDPR, outline the minimum content requirements for consent to be ‘informed’, as well as requirements in relation to explicit consent. They also clarify the information that organisations are obliged to provide under Articles 13 and 14 of the GDPR, as well as the related exceptions.

Read more about consent and transparency (in English) »

Spain: AEPD releases GDPR compliance checklist

The Spanish Data Protection Agency (AEPD) has issued a checklist for organisations to assess their GDPR compliance.

Read more (in Spanish) »

Jersey: Commissioner issues GDPR guidance

The Office of the Information Commissioner has issued GDPR guidance. The guidance relates to the data processing principles, key definitions, small and medium-sized enterprises (SMEs), breach reporting, duties of data controllers, registration of controllers and processors, sanctions, criminal offences and civil remedies.

Read more (in English) »

EU: WP29 to establish Social Media Working Group

The WP29 has announced that it will establish a social media working group to develop a long-term strategy regarding the collection and use of personal data by and through social media.

Read more (in English) »

Green Paper: EU General Data Protection Regulation – A Compliance Guide

This free green paper gives an overview of the key areas of change introduced by the Regulation, and the critical areas organisations need to be aware of when preparing for compliance.

Download now »

Webinars: EU GDPR webinar series

To support organisations in their GDPR compliance projects, we have launched a series of webinars. Listen to our privacy experts guide you through the various requirements of the Regulation.

Sign up for upcoming webinars and watch previous recordings »

Monday 30 April 2018 | Privacy Virtuoso | NASSCOM