Regulation

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

May 30, 2018 By Daniel Felz

The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]

On GDPR Day, Austrian DPA issues First Binding DPIA Whitelist

May 28, 2018 By Daniel Felz

Belgian Privacy Commission Issues DPIA “Black” and “White List” Recommendation

May 3, 2018 By Privacy, Cyber & Data Strategy Team

On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess […]

In Order, FTC Recognizes Lower Notice Requirements for “Consumer-Expected” Data Collection

March 5, 2018 By Privacy, Cyber & Data Strategy Team

Last week, the Federal Trade Commission granted a petition by Sears Holding Management seeking modification of a 2009 Commission Order. The notable 2009 Order settled allegations that Sears had improperly failed to provide notice regarding data collection by certain software the company offered to consumers. Sears argued that the 2009 Order placed it at a […]

German DPAs Publish Model GDPR Processing Records – Translations Provided

February 26, 2018 By Daniel Felz

In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their processing activities. Under Article 30 GDPR, companies will need to inventory all “processing activities under [their] responsibility” and […]