DATA PRIVACY MATTERSNumber One Data Privacy Blog
The GDPR also introduced new accountability and transparency requirements, meaning that processors must be able to show that they have a lawful basis for each processing operation, and must inform individuals which lawful basis if being relied upon. Furthermore, under GDPR the interpretation of legitimate interests is now broader, encompassing the interests of any third party, including wider societal benefits.
Whilst the threat of a no-deal Brexit has been averted for now, the future is by no means certain. We have highlighted some of the key issues for UK-based organisations, and the EEA organisations that do business with them, in these uncertain Brexit times.
Article 35(3) of the GDPR sets out three types of processing which will always require a DPIA:
systematic and extensive evaluation of personal aspects relating to individuals which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the individual or similarly significantly affect the individual;
large scale processing of special category data; or
systematic monitoring of a publicly accessible area on a large scale.
The European Data Protection Board (EDPB) met for its fourteenth plenary session on 8 and 9 October 2019. One of the key developments was the adoption of the final version of its guidelines on the contractual lawful basis for the processing of personal data in...
Although the final regulations have yet to be promulgated, the general requirements of the CCPA are sufficiently evident to enable businesses to prepare to comply with the final regulations when the Cal AG issues them, which will likely occur this fall. Accordingly, businesses should take the following steps to comply with the CCPA in advance of the January 1, 2020 deadline:
The Personal Data Protection Commission (PDPC) has revised Chapter 6 (Organisations) and Chapter 15 (Access and Correction Obligations) of the Advisory Guidelines on Key Concepts in the Personal Data Protection Act, or PDPA (the Guidelines). Chapter 6 has been revised...