Tag Archives: GDPR

ICO Seeks Extra Resources for GDPR Enforcement

Written by
On March 13, 2017, Elizabeth Denham, head of the UK data protection authority (“ICO”) publicly expressed her intention to massively recruit new personnel in an effort to be ready for the European (“EU”) general data protection regulation (“GDPR”). In a statement released on its website, the ICO announced its plan to recruit new personnel by May 2018, in light of the new responsibilities and enforcement powers granted to the ICO under the GDPR. Ms. Denham later told the press the ICO would hire approximately 200 persons. Interestingly, the ICO statement comes on the same day the [...] Read more

CNIL Launches Second Round of Public Consultation on GDPR

Written by
Last week, the French Data Protection Authority ("CNIL") launched the second round of a public consultation on the General Data Protection Regulation (“GDPR”).  The first public consultation was launched in June 2016 and addressed the requirements in the GDPR relating to data protection officers, data portability and privacy seals and certifications.  The outcome of the June 2016 consultation was integrated by the Consortium of the European data protection authorities (“WP29”) into WP29’s recent guidance. Similarly, the new public consultation launched by the CNIL is aligned with [...] Read more

Spanish Ministry of Justice Launches Public Consultation on GDPR

Written by and
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”).  The press release clarifies that although the GDPR has direct effect in the European Member States, its implementation into Spanish law is not a straightforward exercise because (i) the obligations in existing data protection legislation need to be maintained or amended (as the case may be), and (ii) other sector specific laws containing provisions on data protection need to be updated.  A [...] Read more

WP29 Issues Guidance on the Right to Data Portability under the GDPR

Written by
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation ("GDPR").  This is part two of a three-part Alston & Bird series evaluating WP29's positions, and relates to the Right of Data Portability for data subjects and its obligations for data controllers.  Part 1 deals with Data Protection Officer obligations, under the GDPR, while part 3 analyzes guidance on the Lead Supervisory Authority mechanism. Article 20 of the GDPR creates a new right to data portability [...] Read more

The French Digital Republic Act: the New Powers of the French Data Protection Authority and Enhanced Rights of Individuals

Written by
On October 7, the French Digital Republic Act (the “Act”) was adopted following a widely-publicized consultation process.  The Act amends the French Data Protection Act, and also modifies French law in various domains, including consumer protection, electronic payment services, medical research, and intellectual property. The Act constitutes a first step in the implementation of the General Data Protection Regulation (“GDPR”), which will apply in all EU Member States as from May 25, 2018.  The Act in particular establishes (i) new powers for the French data protection authority (“DPA”), [...] Read more

GDPR Approved by Parliament, Set to Become EU Law

Written by
Last week, we reported that the Council of Ministers accelerated the timetable for passage of the General Data Protection Regulation (GDPR).  The European Parliament followed suit and approved the GDPR this morning. As a result, the GDPR is now officially adopted and will become the law of the land in the EU.  The GDPR will be published either this month or next in the Official Journal of the European Union.  Twenty days after its publication, it will enter into force – i.e. either in May or June 2016.  As soon as the GDPR enters into force, its two-year clock for bringing business operations [...] Read more

EU Council Issues New Consolidated GDPR and Accelerates GDPR’s Legislative Timetable

Written by
Yesterday evening, the Council of Ministers issued a new consolidated version of the General Data Protection Regulation (GDPR).  This is the first “clean” version of the GDPR that (a) incorporates all revisions agreed upon from the time of the Commission’s original 2012 proposal to the December 2015 trilogue compromise text; and (b) numbers individual provisions as can be anticipated in the final adopted version of the GDPR.  The new consolidated text can be accessed here. The new GDPR text follows closely on the heels of the Council accelerating the timetable for the GDPR’s passage.  [...] Read more

The EU General Data Protection Regulation – Europe Adopts Single Set of Privacy Rules

Written by , and
On December 15, 2015, following four years of close, sometimes contentious, review, the EU institutions agreed upon the text of the General Data Protection Regulation (the “GDPR”).  One of the most important EU legislative initiatives in recent years, the GDPR is also a landmark in privacy regulation worldwide. As from the time the GDPR takes effect – most likely in early 2018 – data protection regulation for most of Europe will largely proceed from a single set of rules. The GDPR will replace the Data Protection Directive (95/46/EC) (the “Directive”), adopted in 1995, which was [...] Read more