The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) calls on the European Commission to suspend the EU-US Privacy Shield since it does not provide enough protection for EU data subjects. The United States has to comply by September 1, 2018.
According to MEPs, the EU-US Privacy Shield should also remain suspended until the US authorities comply with its terms in full.
The Privacy Shield is an agreement between the US and the EU allowing companies considered Read more [...]
In June 2018, the CNIL, Commission Nationale Informatique & Libertes, published guidelines for the protection of personal data in the health sector. In particular, the French Data Protection Authority (DPA) provides professionals in the health sector with tips to comply with the EU Privacy Regulation 2016/679, GDPR:
limit the information collected to what is necessary for the treatment of patients;
keep a record of treatments;
delete patient data after the maximum retention period Read more [...]
On May 10, 2018, the new regulations on the Security of Network and Information Systems came in to force in the UK. The new regulation is called the Network and Information Systems Regulations 2018 - the NIS regime.
The NIS follows the adoption of the EU Cybersecurity Directive according to which “Operators of essential services” (OESs) and “relevant digital services providers” (RDSPs) in the EU must have appropriate and proportionate cyber security measures in place and report cyber Read more [...]
On June 28, 2018, California passes Bill 375 (Chau, Hertzberg, Dodd), which will provide Californians with fundamental new consumer privacy rights.
In summary, the broad private right of action in the initiative covers instances of data breach – violations are subject to enforcement by the Attorney General – the right to know all a consumer’s personal information for free twice a year, the right to delete, and opt-in for consumers under 16 years old.
The legislation goes into effect in Read more [...]
In June 2018 the Irish Data Protection Commission (DPC) published a draft list of processing operations for which it is mandatory to conduct a data protection impact assessment (DPIA). The list is intended to encompass both national and cross-border data processing under Article 35 of the General Data Protection Regulation (GDPR).
With a view to finalizing the proposed list for submission to the EDPB for approval, the DPC is issuing its draft DPIA list for public consultation.
Stakeholder shall Read more [...]
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.AcceptRead More