General Data Protection Regulation

The ICO’s New Strategic Plan – A Change Of Course Or Steady As She Goes?

David Smith

You may have seen that on 25 May, with exactly one year to go until the GDPR takes effect, the Information Commissioner, Elizabeth Denham, published her office’s Information Rights Strategic Plan for 2017- 2021. This might not be headline grabbing stuff but it’s important nevertheless as it sets out how the ICO will be approaching Read More

No Comments

GDPR: Are we losing sight of today’s risks as we all look to the future?

David Smith

This week all eyes are on the future. There’s just one year to go until the EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and we have the promise, in the Conservative Party’s manifesto, that here in the UK we will be getting a new data protection law that is Read More

No Comments

BCRs under the GDPR: Practical considerations

Wanne Pemmelaar

Modern businesses increasingly depend on the free data flows between business units, customers and third parties. As new legislation and developments shake up the existing principles of cross- border data transfer, many internationally operating organisations turn to Binding Corporate Rules (BCRs). The BCRs can be a key element not only for the compliant cross-border data Read More

No Comments

Article 29 Working Party adopts Guidelines on the “lead supervisory authority”

Peter van Dyck

One of the key innovations of the upcoming General Data Protection Regulation (GDPR) is the so-called one stop shop principle.  This principle aims to avoid companies that undertake cross-border processing of personal data finding themselves subject to a plurality of competent data protection authorities. Concretely, the GDPR provides that the data protection authority in the Read More

No Comments

DPOs and the GDPR: Part 2 – Appointing a DPO

Ondrej Kramolis

In its newly published opinion, the Article 29 Working Party (WP29) provides some useful input into discussion on the nature of the role of data protection officers (DPOs) under the GDPR. This is a question which many organisations have been grappling with, as they assess who should take on this role. The WP29 considers the qualifications Read More

No Comments

DPOs and the GDPR: Part 1 – When is a DPO needed?

Catherine di Lorenzo

On 16 December 2016, the Article 29 Working Party (WP29) released highly anticipated guidelines on some of the most critical matters in the implementation of the General Data Protection Regulation (GDPR). These guidelines are not legally binding, but local data protection authorities are likely to follow them.  The WP29 does invite comment on the guidelines Read More

No Comments