General Data Protection Regulation (GDPR)

The Irish Data Protection Commission and Polish Data Protection Authority have issued guidance on data breach notification under GDPR in which they address the following questions, and more:

  • When do you “become aware” of a data breach?
  • What should a data breach notification include?
  • How do you communicate a data breach notification?

The guidance offers

Following a decision from the Court of Justice of the EU, the UK Information Commissioner’s Office changed its guidance on how to calculate the GDPR 30-day time limit for data subject requests.

Per the ICO: “You should calculate the time limit from the day you receive the request (whether it is a working day or

“Given the legal requirements for explicit, informed consent, it is obvious that the vast majority of cookie consent notices are not compliant with European privacy law – researchers at the University of Michigan have found.”

“If given a choice, just 0.1 percent of site visitors would freely choose to enable all cookie categories/vendors — i.e.

Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.

It contains detailed requirements for data processor compliance including:

  • Documented data protection plan
  • Information security management system based on a recognized standard
  • At least annual evaluation of your privacy and information security

The UK ICO published a Code of Practice for use of Data in Political Campaigning for public consultation which ends October 9, 2019.

Though it officially applies to UK-based political campaigns, the code contains deep analysis of GDPR issues and can serve as useful, actionable guidance on compliance to companies and organizations subject to GDPR

Much has been discussed about the recent cookie guidance by the UK ICO and the French CNIL, but what do other data protection authorities think? In a detailed position paper, the Association of German Data Protection Authorities (Datenschutzkonferenz, or DSK) sets out its worldview on cookies and provides a very helpful, detailed guide

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for its code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that

The International Organization for Standardization (ISO) published a standard for companies to implement personal information management systems (PIMS). The ISO’s guidance aims to assist businesses with compliance goals and further the emphasis on personal data protection.

In the wake of the detailed privacy framework requirements of the recent FTC Facebook settlement and the California Consumer

A web developer study shows that when a cookie banner allows users to refuse cookies, 50 percent of users choose this option and subsequently refuse all third-party services.

However, when this choice is not available, we end up with a cookie acceptance rate between 90 and 98 percent via site users clicking the “I accept”