The digital media supply chain is about to get a whole lot smaller thanks to Europe’s General Data Protection Regulation (GDPR). The privacy legislation, which takes effect in May, dictates that data controllers could be held responsible for data privacy missteps made by their third-party partners. Source: Expect A Contraction Of The Supply Chain In The […]
controller
This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria […]
WM Morrisons Supermarket plc have been held liable to 5,518 of their employees for a deliberate data breach by a rogue employee, Andrew Skelton. Skelton had been employed by Morrisons as a senior IT auditor. In the course of his duties he was required to collate employee data for Morrisons’ external auditors. Source: Employer liable […]
The concept of joint controllers in EU law, in contrast to a distinction between controllers and processors, has not been seen thus far as particularly controversial nor widely discussed. However, it is now explicitly provisioned by the GDPR that joint controllers are two or more controllers that jointly determine the purposes and means of processing. […]
Controller-processor contracts and liabilities don’t seem destined for any guidance from the Article 29 Working Party, at least according to the WP29’s published work programs/roadmaps to date. However, some national regulators have picked up the baton. On September 13, the U.K. Information Commissioner’s Office issued draft guidance, Contracts and liabilities between controllers and processors. Source: […]
The concept of joint controllers in EU law, in contrast to a distinction between controllers and processors, has not been seen thus far as particularly controversial nor widely discussed. However, it is now explicitly provisioned by the GDPR that joint controllers are two or more controllers that jointly determine the purposes and means of processing. […]
EDPB released draft guidelines on the interplay between GDPR Article 3 (territorial scope) and Chapter V (restrictions on international data transfers).
This Opinion analyses the criteria set down in Article 7 of Directive 95/46/EC for making data processing legitimate.
The Paper explains the growing importance of the legitimate interests legal basis for organizations, whether for routine or more complex and innovative data processing activities.
This panel will discuss the relationship between data protection regulations and enterprise organization’s work on Third Party Risk Management.