"Monsters Inc." y el tratamiento de los datos
In a decision with significant legal and operational ramifications for organisations of all shapes and sizes, the Court of Justice of the European Union (CJEU) last week confirmed that pseudonymised data will not always and...more
The European Commission’s decision of 4 June 2021 finalises the new SCCs for transferring personal data from the EEA. After invalidation of the Privacy Shield by Europe’s top court, many businesses came to rely upon...more
The EDPB issued an opinion on the draft Standard Contractual Clauses (SCC) for a controller-processor data processing agreement under Article 28 (Data Processing Agreements) submitted by the Lithuanian supervisory authority. ...more
Who is responsible for putting a GDPR Article 28 Data Processing Agreement in place? Dutch Data Protection Authority, Autoreitpersoonsgegevens, says: BOTH the data controller and the data processor....more
The Dutch Data Protection Authority has written to the Dutch Banking Association to state that processing customers' transaction data for direct marketing purposes may not be in compliance with the General Data Protection...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to...more
On May 29, 2017, the French Data Protection Authority (Commission Nationale Informatique et Libertés, or "CNIL") announced that it had authorized nine banking institutions to implement, on an experimental basis,...more