General Data Protection Regulation (GDPR)

“Rather than view data protection as a box-ticking exercise, it should be a key priority and integrated into every aspect of the business to ensure comprehensive coverage and consistency.”

“Regulation can only go so far – if businesses focus on best practices for cybersecurity, data protection and combine this with compliance they will be giving

The French Data Protection Agency CNIL received 11,077 complaints in 2018, up 32.5 percent compared to 2017.

Other highlights from the CNIL 2018 report

  • CNIL carried out 310 investigations in 2018, of which 204 were onsite, 51 online and 51 on the basis of documentation.
  • 49 orders were adopted in 2018, of which five were

“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the EU.”

The European Commission has updated FAQs on the interplay between the forthcoming Clinical Trials Regulation (CTR) and GDPR.

Key Takeaways:

The “agree button is one of the biggest lies on the internet. This is not consent. This is not notice,” said U.K. Information Commissioner’s Office Executive Director for Technology Policy and Innovation Simon McDougall.

People are now living in an “age of unhappiness” and are not feeling empowered, says McDougall. With large tech companies, the

The European Data Protection Board (EDPB) has issued draft guidelines on the GDPR legal basis of “necessary for the performance of a contract”.

Key takeaways:

  • You must specify the purpose of the processing and avoid vague or general purposes
  • Necessary for the performance of a contract is not a legal basis for “special categories of

“If you start reading all privacy notices you receive, you will spend too much time reading these notices. On the other hand, if a person [ticks a box] ‘I accept and understand’ but they don’t know what they’re consenting to, that is not acceptable either. A reasonable approach is in-between,” said Giovanni Buttarelli, the European

“Europe has taken the first steps to protect citizens’ privacy and our new regulations have proven to be effective — both for our citizens and our businesses… It’s time for America to join us, Japan and many others in our work, and be part of setting the global standards on privacy.” — European Commissioner Vera

“This call may be recorded for training purposes…if you consent say ‘Consent’.”

The Danish Data Protection Authority (Datatilsynet) has ordered a company to cease recording phone calls for training purposes until it implements a technical solution that makes it possible to obtain the caller’s consent for doing so.

In this case the complainant called the

“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham.

Denham said companies must understand the risks that they create for others with their data processing, and mitigate those risks. GDPR also formalizes the move away from box ticking to seeing data protection

The European Parliament weighs in on data brokers and data processing in the context of elections in a published answer to a parliamentary question.

“Data brokers may act as controllers or processors depending on the degree of control they have over the processing. Under the General Data Protection Regulation (GDPR)”.

When data brokers process data