Data protection and political campaigns – European Data Protection Board (EDPB) issues a statement.

Key points:

  • Personal data revealing political opinions is a special category of data under the GDPR, and, in most cases, processing it will require explicit, specific, fully informed, and freely given consent.
  • Using personal data made public, like on social media,

Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries.

Of those, 94,622 were initiated by individual complaints and 64,684 due to data breach notification by the controller. 52 percent of these cases have already been closed and 1 percent challenged before national court.

The Romanian Presidency of the Council of the EU has proposed a compromise on issues that are in the way of the EU e-Privacy Regulation.

Highlights:

  • A user’s consent to cookies should NOT be required for technical storage or access necessary and proportionate for the legitimate use of a service requested by the user. This

Now serving complaint #6241…

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has published guidelines on how it will prioritize the handling of complaints filed with it under the EU General Data Protection Regulation (GDPR).

Criteria include:

  1. How harmful is the alleged violation for the individual(s)? This depends on nature of data and nature of the

Clinical trials and the EU General Data Protection Regulation (GDPR): The European Data Protection Board (EDPB) has issued a much-awaited opinion on the legal basis for processing clinical trial data.

Key takeaways:

  • The legal basis for processing operations expressly provided by the Clinical Trial Regulation and by relevant national provisions, as related to reliability and

Forget me yes, part two.

Austrian Data Protection Authority holds that a data controller can meet its obligations to satisfy a data subject’s erasure request under GDPR by anonymizing personal data.

Some points:

  • Erasure is not the same as destruction; the controller can select means to carry out the erasure.
  • The controller must ensure that

Japan is the latest country to be recognized by the European Union as providing adequate protection to data. The decision is one of mutual adequacy and creates the world’s largest area of safe data flows.

Per European commissioner Vera Jourova: “Europeans’ data will benefit from high privacy standards when their data is transferred to Japan.

A medical center contracted by an insurance company to provide examinations and studies to individuals covered by insurance may be a “data controller” under the EU General Data Protection Regulation (GDPR) says the Commission for the Protection of Personal Data of Bulgaria.

The CPPD determined that in the case before it, the medical center was

The EU General Data Protection Regulation (GDPR) applies to small businesses too, and many are not ready.

A recent poll of 1,000 small business owners revealed many are still “clueless” about GDPR – leaving the personal data of millions of employees and customers at risk.

  • “Four in 10 small businesses surveyed did not know the