General Data Protection Regulation (GDPR)

The French data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.

Key takeaways:

  • Before using a development tool, especially for personal data, read the conditions of use.
  • If the data requires a maximum level of confidentiality, use tools with a local instance, rather than the cloud.
  • Conduct a

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

“It’s very complicated today to declare oneself 100% compliant”

“In reality, it’s very complicated to declare in total and perfect conformity [with GDPR], be it today, in five or ten years, because it’s a continuous process. A company never really achieves 100% compliance, it works on it every day. It seeks to have compliance champions,

“While there are undoubtedly significant benefits in using new technologies, organisations need to be aware of the potential challenges when choosing and using any systems involving biometric data,” writes Steve Wood, Deputy Commissioner for Policy at the UK Information Commissioner’s Office.

“Any organisations planning on using new and innovative technologies that involve personal data, including

“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AG), which issued guidance on GDPR and medical records.

Key takeaways:

  • For medical data

CNBC’s Kate Fazzini interviewed Partner Odia Kagan, Chair of GDPR Compliance & International Privacy, for an article on the one-year anniversary of GDPR. Here are a few of Odia’s thoughts, which were included in the piece:

“The enforcement is just getting started. The higher fines are very likely going to be in connection

The UK Information Commissioner’s Office (ICO) is strategically focusing on the “fairness” requirement under the GDPR, says U.K. Information Commissioner Elizabeth Denham.

The focus is unfair, invisible processing. This includes big tech, data brokers, credit reference agencies and adtech, specifically looking at transparency and fairness, as well as the legal basis for consent.

Regarding

Danish data protection authority Datatilsynet has ordered a bus company to explain, by July 15, how it will amend its IT systems to allow for compliance with the right to rectification (correction) under GDPR and provide a timetable for the implementation of the changes.
Takeaways:
  • Your IT system must allow for correction of data when