Download free GDPR compliance checklist!

Tag Archives for " guidance "

I am happy to announce, that my side project – – is live and open to public. The primary aim of project is to create and collect guidance and resources for data protection officers (DPOs) and everyone else interested in privacy and data protection. is a living project – I will add more resources and functionality to website. And I hope you will both find the project useful and will help it grow – by adding resources and spreading the word.

There are still many functionality and parts to be added – like possibility to add resource by anyone directly from website. But we’ll get there with time. At the moment – please use contact form on the site. Or just email me links to resources that may be useful to others interested in privacy and data protection.

Latest papers on privacy and data protection – June

Recommendations for Implementing?Transparency, Consent and Legitimate Interest?under the GDPR

Centre for Information Policy Leadership (CIPL) published its paper on transparency, consent and legitimate interest?under the GDPR.

Download paper

Designing Without Privacy

This Article presents findings from an ethnographic study of how, if at all, technologists doing the work of technology product design think about privacy, integrate privacy into their work, and consider user needs in the design process.

Access paper

Privacy and Human Behavior In the Age of Information

This review summarizes and draws connections between diverse streams of empirical research on
privacy behavior.

Read the review

User-Centered Privacy Communication Design

This paper describes a user-centered privacy policy design project at Stanford Legal Design Lab aimed to generate new models of business-to-consumer communications around data privacy.

Read paper

Internet of Things.?Status and implications of an?increasingly connected world.

US Government Accountability Office (GAO) released a technology assessment of the Internet of Things (IoT) for Congressional members of the IoT Caucus.

Read assessment

New GDPR guidelines on consent, profiling, breach notification and data transfers to be issued in 2017

The Article 29 Working Party (WP29), a consultative body made up?of all the national data protection authorities in the EU, in 2017 will issue new guidelines on General Data Protection Regulation (GDPR). First ones to issue will cover?profiling, breach notification and data transfers. WP29 will also?issue guidance on transparency, high risk processing, certification and application of administrative fines under the GDPR.

Read more

GDPR guidance on data portability, DPOs and lead authority

In December the Article 29 Working Party (WP29), an advisory body made up of all the EU national data protection authorities, has published three long awaited guidelines and frequently asked question (FAQ) on General Data Protection Regulation (GDPR). Guidelines covers following topics:

You can submit?any additional comments on guidelines until the end of January 2017.

DPAs to issue GDPR guidance

Chair of the Article 29 Working Party,?Isabelle Falque-Pierrotin, has promised that EU Data Protection Authorities will issue the first parts of their guidance on the EU Data Protection Regulation (GDPR) soon after their plenary meeting on 12-13 December.?She also invited companies to provide their?input to the Article 29 Working Party’s action plan for next year.

Companies are awaiting guidance from Working Parties and ?Data Protection Authorities to sooner and better adjust their business practices and policies with upcoming data protection law. Guidance can be expected on Data Protection Officers (DPOs), data portability and designation of lead data protection authorities.


Irish DPC issues guidance on anonymisation and pseudonymisation

In August 2016, Data Protection Commissioner (?DPC?) of Ireland published guidance on the use of data anonymisation and pseudonymisation.?Guidance provides recommendations on effective use of anonymisation and pseudonymisation techniques.

Anonymisation and pseudonymisation techniques help organisations to better comply with security requirements of data protection law. General Data Protection Regulation (GDPR) encourages organisations to use pseudonymisation techniques while effectively and irreversibly anonymised data is not ?personal data? and the data protection principles do not to?such data.

Read the guidance