General Data Protection Regulation (GDPR)

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day two of the event.

The Importance of Informed Consumers

When consumers feel they are more knowledgeable about the provisions of GDPR, they are more comfortable with

The International Association of Privacy Professionals is holding its 2019 Europe Data Protection Conference in Brussels. Partner Odia Kagan, who is in attendance, shares some takeaways from day one of the event.

Irish Data Commission Plans Cookie Banner Guidance

Irish Data Protection Commissioner Helen Dixon says the commission has completed a search and sweep

The Spanish AEPD has published guidelines on patient health data protection.

The guidelines track the requirements of GDPR as applicable to patient data including the obligation to provide adequate disclosure under Article 12 and data subject rights.

Key Takeaways

  • In the field of health care the right to suppression of clinical history data is very

Kenyan President Uhuru Kenyatta approved a data protection law which complies with European Union legal standards, according to Thomson-Reuters.

The new law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared. Those violating the law face a maximum fine of 3 million shillings

The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).

Key changes:
  • GDPR can apply extraterritorially to some streams of data processing and not others, and not to the entire entity.
  • GDPR applies to many non-EU data processors, including cloud storage providers for data

The Polish data protection authority has fined ClickQuickNow €47,126.97 for violating the General Data Protection Regulation (GDPR) by requiring too difficult a process for revoking consent.

The process in question required the person who submits the statement of withdrawal of consent to indicate the reason for his request after the site provided the person with

The auto-complete function is not prohibited by GDPR, says the Danish data protection authority.

  • The search function suggested certain search suggestions automatically including the complainant’s name.
  •  The purpose of the function was to offer a better service to citizens.
  • The municipality also stated that when a user performs a search only the entered keyword is

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR.

Key takeaways:

  • You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top.
  • All processing of personal data should be subject to overview, governance and demonstrable compliance.
  • Key

The California Attorney General considered and rejected the creation of a safe harbor exemption from the CCPA for businesses that are already complying with GDPR, says the statement of reasons that accompanies the draft CCPA Regulations.

“The Attorney General rejected this alternative because CCPA and GDPR have different requirements, different definitions, and different scopes. For

The French Data Protection Authority,  CNIL, has prohibited the use of facial recognition to control entry into a school as disproportionate saying that alternative less intrusive means are available, such as badge control.

Key takeaways:

  • Processing of biometric data is of particular sensitivity, justifying enhanced protection of individuals.
  • Facial recognition devices are particularly intrusive and