
Tag Archives for "WP29"

What changes will GDPR bring?

While some tend to portray the new European Union (EU) General Data Protection Regulation (“GDPR”) as a menacing apocalypse coming from nowhere, the fact is that GDPR is an “upgrade” of existing EU data protection laws. The EU Data Protection Directive (Directive 95/46/EC) was adopted back in 1995. In some countries, such as Germany and Sweden, data protection laws were introduced even earlier, in the 1970s and 1980s.

GDPR keeps the basic principles of the Data Protection Directive and adds a new “layer” to it, aiming to unify data protection in all EU countries and bring more rights and control over data use back to individuals. In fact, GDPR incorporates the guidance of data protection authorities and best practice in data protection. There is almost nothing in GDPR that doesn’t already exist somewhere. For example, the principle of data protection by design and by default originated back in the 1980s, data protection officers are already a mandatory requirement in Germany, and breach notification has existed in the communications sector for years.

But let’s look at what exactly the changes are that GDPR brings us.


Recent ICO guidance and feedback requests on GDPR

Recently the UK Information Commissioner’s Office (ICO) published several pieces of GDPR guidance and requests for public feedback.

Guidance on consent

In March the ICO published draft guidance on consent under the EU GDPR. The guidance was open for public feedback until March 31, and the ICO now aims to publish it in May 2017.

Our guidance on consent explains our recommended approach to compliance and what counts as valid consent. It provides practical help to decide when to rely on consent, and when to look at alternatives. It also explains the key differences with the DPA and gives advice about existing DPA consents.

Read the feedback on ICO’s guidelines:

Feedback request on profiling and automated decision-making

In April the ICO published its feedback request on profiling and automated decision-making. It represents the ICO’s initial thoughts on certain aspects of profiling in the GDPR; however, the ICO warns, it should not be interpreted as guidance. Responses will help to form the ICO’s contribution to the WP29 guidelines that will be published later this year.

The discussion paper published today highlights the key areas of profiling we feel need further consideration. This includes subjects like marketing, the right to object and data minimisation – and we want your feedback. We’d like to hear the views of our stakeholders and get examples of best practice before 28 April 2017.

Call for Feedback on GDPR derogations

The ICO has published its call for feedback on derogations under GDPR.

For all derogations, stakeholders are encouraged to submit their views through the online ‘Call for Views’, uploading research and/or data where relevant. This exercise is to capture views on if and how the government should implement the defined flexibilities permitted within the GDPR.

Consultation closes at midday on 10 May 2017.

Update on the paper on big data

In March the ICO published an updated version of the paper on big data, artificial intelligence and machine learning. This paper sets out the ICO’s views on the issues and how they relate to the GDPR.

GDPR guidance on data portability, DPOs and lead authority

In December the Article 29 Working Party (WP29), an advisory body made up of all the EU national data protection authorities, published three long-awaited guidelines and frequently asked questions (FAQ) on the General Data Protection Regulation (GDPR). The guidelines cover the following topics:

You can submit any additional comments on the guidelines until the end of January 2017.

DPAs to issue GDPR guidance

The Chair of the Article 29 Working Party, Isabelle Falque-Pierrotin, has promised that EU Data Protection Authorities will issue the first parts of their guidance on the EU Data Protection Regulation (GDPR) soon after their plenary meeting on 12-13 December. She also invited companies to provide their input to the Article 29 Working Party’s action plan for next year.

Companies are awaiting guidance from Working Parties and Data Protection Authorities so that they can adjust their business practices and policies to the upcoming data protection law sooner and better. Guidance can be expected on Data Protection Officers (DPOs), data portability and designation of lead data protection authorities.

Source: http://www.privacylaws.com/Int_enews_01_12_16

Working Party Issues Results of the GDPR Workshop

The Article 29 Working Party (Working Party) has published a summary of the discussions that took place at its Fablab workshop entitled “GDPR/from concepts to operational toolbox, DIY”.

The workshop gathered more than 90 participants, among them 40 representatives from data protection authorities. The aim of the Fablab was to discuss with representatives of industry, civil society, academics and relevant associations certain operational and practical issues identified in the Action Plan of the Working Party regarding the General Data Protection Regulation (GDPR).

The Working Party organised the Fablab workshop to help it develop best practices and guidelines for the implementation of the GDPR, in particular with respect to the following topics:

(A) the delivery of guidelines on the Data Protection Officer;
(B) the development of guidelines on the format, scope and modalities of Data Portability;
(C) the production of a methodology and templates for Data Protection Impact Assessment, including the definition of guidance related to risk assessment in the GDPR; and finally
(D) the definition of criteria and mechanisms relating to certification and certification bodies.

Read Results of the discussion
