The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]
GDPR
Alston & Bird Issues Data Protection Paper on Accurate Retrieval of Personal Data under the GDPR
Today Alston & Bird’s Peter Swire and DeBrae Kennedy-Mayo, with support from Senzing, Inc., are publishing a White Paper titled The Importance of Accurate Retrieval of Data Subjects’ Personal Data in Complying with GDPR Individual Rights Requirements. The General Data Protection Regulation, which enters into effect on May 25, 2018, goes considerably beyond existing law in […]
Belgian Privacy Commission Issues DPIA “Black” and “White List” Recommendation
On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess […]
Belgian Court Uses Novel Argument to Assume International Jurisdiction over Non-EU Facebook Entities
On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the Commission in regards to alleged monitoring practices vis-à-vis Belgian internet users. In parallel to the proceedings that resulted in the judgment […]
German DPAs Publish Model GDPR Processing Records – Translations Provided
In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their processing activities. Under Article 30 GDPR, companies will need to inventory all “processing activities under [their] responsibility” and […]