Tag Archives: GDPR

German Parliament voted ‘Yes’ on new Data Protection Act to implement the GDPR

Yesterday, the German Parliament (Bundestag) passed a new Data Protection Act (Datenschutz-Anpassungs-und-Umsetzungsgesetz EU – DSAnpUG-EU; the Act), despite major criticism. The Act is available online in German here. The Act shall adjust the current German data protection laws with the requirements of the General Data Protection Regulation (GDPR), and replace the current Federal Data Protection … Continue Reading

More GDPR questions answered: new guidelines on DPIAs

Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading

‘Once in a generation’ legislative changes: the ICO’s strategy for GDPR challenges

Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading

Man vs. machine: the ICO provides guidance on use of Big Data

As the European data protection framework evolves, big data remains a hot topic. Often, what makes up these large data sets is personal data, so it has clear data protection implications. The Information Commissioner’s Office (“ICO”) has therefore issued guidance on “Big data, artificial intelligence, machine learning and data protection.” This recent guidance provides helpful emphasis … Continue Reading

UK government publishes digital strategy to create and support a secure and thriving data economy

On 1 March 2017, the UK government published its Digital Strategy (“Strategy”) for a “world-leading digital economy that works for everyone.”. The Strategy contains a number of statements that bring some certainty to the direction of regulation in the UK following its withdrawal from the European Union. Unlocking the data economy The Strategy notes the … Continue Reading

Bavarian Data Protection Authority issues its “7th activity report 2015/2016”

On 3 March 2017, the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht – “DPA”) issued a 160-page 7th activity report (Tätigkeitsbericht), covering years 2015 and 2016. The activity report has been accompanied by a press release of the same date. Background In Germany, Data Protection Authorities are obliged to regularly, at least every two years, issue … Continue Reading

Implementing the GDPR: Reed Smith Webinar on Planning your Path to Compliance in 2017

We are hosting a webinar on January 30, 2017, to discuss the new obligations global organisations with interests in Europe will need to meet to comply with the GDPR. With just over 16 months to go until the Regulation will be enforced, it is vital that you understand the requirements and that you are able to … Continue Reading

Article 29 Working Party issues guidance on data portability, DPOs and lead supervisory authorities

As we enter 2017, 2018 doesn’t seem that far away…and with the new General Data Protection Regulation (GDPR) due to come into effect from 25 May 2018, organisations are running out of time to ensure compliance with the new data protection requirements. It is therefore not surprising that the Article 29 Working Party (“Working Party”) … Continue Reading

Preparing for the GDPR: what you need to know

Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading

UK Government Confirms GDPR Will Be a Reality For Post-Brexit Britain, Hints That Future UK Law Could Drop Some “Burdensome” EU Requirements

In her evidence to the Culture, Media and Sport Select Committee on 24 October, Secretary of State for the Department of Culture, Media and Sport (“DCMS”) Karen Bradley MP called out the EU General Data Protection Regulation (“GDPR”) as an example of EU law that the government would opt into. At the same time, the … Continue Reading

Does Brexit mean Brexit for data protection in the UK?

Three months on from the landmark Brexit vote 23 June, the Information Commissioner’s Office is setting out its position regarding data protection laws in a post-Brexit UK. Elizabeth Denham, the new Information Commissioner, told the BBC that she believed the UK should adopt the General Data Protection Regulation (GDPR) regardless of Brexit. Denham stressed that … Continue Reading

Brexit: Baroness Neville-Rolfe on Data Implications

At the beginning of July, Baroness Neville-Rolfe, Minister of State at the Department for Business, Energy and Industrial Strategy, gave a speech at the annual Privacy Laws & Business conference, outlining the government’s stance on the implications of Brexit for a range of data issues including the GDPR, cybersecurity, international data transfers and the Internet of … Continue Reading

What Will Data Protection Look Like in a Post-Brexit Britain?

Following the United Kingdom’s vote to leave the European Union, one thing is clear: the negotiations for the terms of the UK’s exit are likely to overlap with the implementation across the EU of the General Data Protection Regulation (GDPR) in May 2018. We have prepared a client alert to lay out the facts as they … Continue Reading

International Data Transfers Face Further Setbacks: MEPs and the EDPS Reject the Privacy Shield & the Adequacy Challenge Spreads to EU Model Clauses

The options available to EU organisations for lawfully transferring personal data from Europe to the United States appear to be dwindling. In particular, there have been further setbacks to the approval of the Privacy Shield and, separately, a new legal challenge to the validity of EU model contract clauses. For more information click here to … Continue Reading

UK relies on EU Treaty exception to avoid “anti-FISA” data transfers clause in European General Data Protection Regulation (“GDPR”)

In a written statement to Parliament, Baroness Neville-Rolfe confirmed the UK Government’s view that the Treaty on the Functioning of the European Union (“TFEU”) means that Article 48 of the GDPR does not apply to the UK. Article 48 of the GDPR states that any judgment or tribunal decision – or decision of an administrative … Continue Reading

EU General Data Protection Regulation in force from 25 May 2018: the Countdown to Compliance starts now

The long-awaited General Data Protection Regulation was published in the Official Journal of the European Union on 4 May 2016. This means that the most comprehensive reform to the EU’s omnibus data protection law in 20 years will apply throughout the European Union from 25 May 2018. We have written in previous posts (here and here) … Continue Reading

The Data Protection Directive Is Dead! Long Live the General Data Protection Regulation!

After four years of protracted discussions and negotiations, the General Data Protection Regulation (the “GDPR”) gained final approval from the European Parliament 14 April. It will enter into force 20 days after publication in the Official Journal of the European Union (expected imminently), and it comes into force two years after that date – i.e., … Continue Reading

Happy Data Protection Day! ICO and Senate Committee’s spotlight on data protection

In preparation for European Data Protection Day on 28 January, the ICO commissioned a survey on attitudes towards data protection. The YouGov poll revealed growing public concern over data privacy and security. Of more than 2000 respondents questioned: 95% considered it “very or fairly important” that companies were clear from the outset about how their … Continue Reading

Agreement reached on the GDPR

Earlier this month, we reported the progress of trilogue discussions on the long-awaited General Data Protection Regulation (GDPR). On 15 December 2015, almost four years after the legislative proposal was originally tabled by the European Commission, the European Parliament and the Council finally reached agreement, bringing the GDPR one step closer to adoption. The final … Continue Reading

Countdown to the General Data Protection Regulation…

With the festive season now firmly upon us, there are indications that European Union institutions could soon be delivering an early Christmas present to businesses: the conclusion of trilogue negotiations on the General Data Protection Regulation (‘GDPR’). The GDPR, according to the latest document to come out of Brussels, aims to “reinforce data protection rights … Continue Reading

Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say … Continue Reading
LexBlog