Select Page

Author: Privacy Matters

ARTICLE 29 WORKING PARTY GUIDANCE – DATA BREACH NOTIFICATIONS

Last week the Article 29 Data Protection Working Party released updated guidelines in relation to personal data breach notifications and automated individual decision-making and profiling under the General Data Protection Regulation. This alert focuses on the key updates to personal data breach guidelines. Our thoughts on the revised automated decision-making and profiling guidelines will follow in a separate alert. For further information about the guidelines, please click here. Key updates to the guidelines on personal data breach include: A welcome and helpful clarification, that controllers are only considered ‘aware’ of a breach which has occurred on their supply chain...

Read More

CHINA: NEW DATA PROTECTION STANDARD – WHAT YOU NEED TO KNOW

By Scott Thiel and Carolyn Bigg The long awaited new National Standards on Information Security Technology – Personal Information Security Specification GB/T 35273-2017 (“PI Specification”) has now been released, and will come into force on 1 May 2018. This represents the new de facto standard for practical data protection handling, in effect complementing and clarifying the various existing data protection laws (for example, under the Cybersecurity Law and the Consumer Protection Law) and outlining practical compliance steps. Regulators will encourage companies to comply with the PI Specification, so organisations operating in China are strongly advised to review and update...

Read More

CHINA: NEW DATA PROTECTION STANDARD – WHAT YOU NEED TO KNOW

By Scott Thiel and Carolyn Bigg The long awaited new National Standards on Information Security Technology – Personal Information Security Specification GB/T 35273-2017 (“PI Specification”) has now been released, and will come into force on 1 May 2018. This represents the new de facto standard for practical data protection handling, in effect complementing and clarifying the various existing data protection laws (for example, under the Cybersecurity Law and the Consumer Protection Law) and outlining practical compliance steps. Regulators will encourage companies to comply with the PI Specification, so organisations operating in China are strongly advised to review and update...

Read More

AUSTRALIA: Review into Open Banking – Farrell Report released

By Peter Jones and Sinead Lynch Following in the footsteps of Governments across international borders, the results of the long-awaited and much discussed Review into Open Banking in Australia were released late on Friday, 9 February, 2018. The 158 page report recommends a model for the introduction of open banking as part of the broader ‘Consumer Data Right’ introduced by the Government late last year. It follows the Productivity Commission’s recommendations in their Data Availability and Use Report last year to give consumers a ‘comprehensive right’ with greater access to and control of their data. The Report contains 50 recommendations covering the...

Read More

AUSTRALIA: Review into Open Banking – Farrell Report released

By Peter Jones and Sinead Lynch Following in the footsteps of Governments across international borders, the results of the long-awaited and much discussed Review into Open Banking in Australia were released late on Friday, 9 February, 2018. The 158 page report recommends a model for the introduction of open banking as part of the broader ‘Consumer Data Right’ introduced by the Government late last year. It follows the Productivity Commission’s recommendations in their Data Availability and Use Report last year to give consumers a ‘comprehensive right’ with greater access to and control of their data. The Report contains 50 recommendations covering the...

Read More

FRANCE: Draft Data Protection Law – One Step Closer to a Final Version

By Denise Lebeau-Marianna and Caroline Chancé On 9 February 2018, the French National Assembly adopted at first reading the new draft data protection law implementing the EU General Data Protection Regulation (“GDPR”) and EU Data Protection Directive on Police and Criminal Justice Cooperation into French law. After two days of discussion and 180 amendments reviewed, the French National Assembly has adopted the draft law aimed at adapting the French data protection framework in anticipation of the entry into application of the GDPR on next May 25. A couple of amendments are worth mentioning, in particular with respect (i) to the age of...

Read More

FRANCE: Draft Data Protection Law – One Step Closer to a Final Version

By Denise Lebeau-Marianna and Caroline Chancé On 9 February 2018, the French National Assembly adopted at first reading the new draft data protection law implementing the EU General Data Protection Regulation (“GDPR”) and EU Data Protection Directive on Police and Criminal Justice Cooperation into French law. After two days of discussion and 180 amendments reviewed, the French National Assembly has adopted the draft law aimed at adapting the French data protection framework in anticipation of the entry into application of the GDPR on next May 25. A couple of amendments are worth mentioning, in particular with respect (i) to the age of...

Read More

FRANCE: CNIL New Security Guidelines

By Denise Lebeau-Marianna and Caroline Chancé   On January 23, 2018, the French data protection authority (the CNIL) published new guidelines on the security of personal data (updating its previous security guide published in 2010 available in English) , providing practical recommendations in the form of “Do’s and Dont’s” to help businesses implement appropriate measures to protect personal data in compliance with the General Data Protection Regulation (“GDPR”). Article 32 of the GDPR requires data controllers and processors to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk”. Although the GDPR provides...

Read More
  • 1
  • 2

Recent Posts – All categories