personal data
Posts
Bulgaria Data Privacy Update: Q4 2020 Summary
Some notes/reminders for data controllers based on the Bulgarian Personal Data Protection Commission’s practice from the last quarter of 2020: 1. The requirement for a timely and motivated response to a data subject’s request (e.g. for access to or erasure of her/his personal data) is a separate obligation of the data controller and its violation […]
Personal Data Transfers After the Schrems II Decision
On 16 July 2020 the European Court of Justice (ECJ) rendered its much anticipated ruling in Case C-311/18 (Schrems II) by which it invalidated the European Commission’s Decision on the adequacy of the protection provided by the EU-US Data Protection Shield (the Privacy Shield Decision) and provided some important insight on personal data transfers outside […]
What will be the new normal for employers in terms of health data processing in the post-quarantine reality?
COVID-19 screening at the workplace
A new ruling of the ECJ on the limits of website operators’ responsibility as controllers when using third party plugins
On 29 July 2019 the European Court of Justice rendered its preliminary ruling in Case C-40/17 Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV providing insight on the limits of a controller’s responsibilities under Directive 95/46 and possibly under the GDPR. Fashion ID, an online clothing retailer, embedded on its website the ‘Like’ plugin of Facebook which […]
An awaited new ECJ preliminary ruling on data privacy in the case C-210/16 Wirtschaftsakademie Schleswig-Holstein
On June 5, the European Court of Justice (ECJ) released its preliminary ruling in the case Wirtschaftsakademie Schleswig-Holstein. The ECJ found that the administrator of a fan page on Facebook is jointly responsible with Facebook for the processing of data of visitors to the page. By creating a fan page on Facebook and defining the criteria […]
GDPR implications on the global M&A process
A recent GDPR seminar attended by members of our team inspired us to share our thoughts on how the new European legislation on data protection would affect the M&A transactions. The GDPR implications on M&A deals would certainly go beyond the borders of the EU given the extraterritorial application of the Regulation. Privacy “by design” […]
Mandatory data protection officers under the GDPR
Data protection officers (“DPO”) will become key figures within organisations striving to ensure compliance with the stricter requirements of the GDPR as from May 2018. In the end of 2016, a conservative estimate by the International Association of Privacy Professionals suggested that 75,000 DPO positions will be created globally in response to the adoption of […]
How the GDPR will impact companies acting as personal data processors
Before the GDPR enters into force on 25 May 2018, companies processing personal data will have to reassess their approach to personal data processing. Under the current state of the law, a company acting as a personal data processor that has been found liable for unlawful personal data processing would be liable for a breach […]
How to define the most relevant legal basis for personal data processing under the GDPR
On its entry into force, the GDPR would make reliance on data subjects’ consents inappropriate for many personal data processing activities. A practical tip to self-test current consents: if it seems difficult for a controller to obtain a valid consent, perhaps there is another legal ground that should apply. When implementing a GDPR compliance strategy, […]
Consent of data subjects under the GDPR
One of the most common grounds for lawful processing of personal data is obtaining the data subject’s consent. As from 25 May 2018 when the GDPR shall enter into force, the requirements for obtaining lawfully such consent will be significantly amended. Despite being more burdensome for companies, the new requirements may serve as a competitive […]