GDPR

Subscribe to GDPR

shutterstock_189182636 (1)As the companies doing business in Europe are trying to get their arms around the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), but so far not making substantial headway, the European Data Protection Authorities (DPAs) are doing their own GDPR preparation by securing increased budgets and additional workforce.

Last week, the Irish Data Protection Commissioner (DPC), Helen Dixon, has “welcomed” the additional funding of €2.8 million for her office’s 2017 budget, as announced by the Government, bringing the total funding allocation to the DPC to over €7.5 million. The 2017 budget increases are in line with the increases in 2015 and 2016, representing a 59% increase on the 2016 allocation and over four times the €1.9 million provided to the DPC in 2014.

Commenting on the 2017 funding allocation, Helen Dixon stated:

“The additional funding being provided by Government in 2017 will be critical to our preparations for the implementation of the EU General Data Protection Regulation in May 2018. In 2017 we will continue to invest heavily in building our capacity and expertise, including the recruitment of specialist staff, to administer our new enforcement powers and all of our additional responsibilities under the new law.

Continue Reading Irish Data Protection Commissioner Welcomes Increases in Budget in Preparation for the GDPR Enforcement

shutterstock_291401912On May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into effect requiring companies that process personally identifiable information of EU residents to comply with a significant number of enhanced data-protection requirements. One of these requirements is an individual’s “right to explanation” of an algorithmic decision made about him or her by

The clock is now ticking. On May 4th the European Parliament published the final text of the General Data Protection Regulation (“GDPR”), and the rules of the game have significantly changed – at least in the context of EU data protection law. First, the GDPR changes the underlying approach to data protection law, with a new emphasis placed on accountability and risk-based approaches. “Privacy by Design” and “Privacy by Default” have been included in the regulatory ecosystem. Second, significant changes have been made to the obligations of “controllers” and “processors”. These include specific criteria for having compliant privacy notices and vendor management contracts. Third, enforcement is now a very real, and potentially risky, thing. With the possibility of administrative fines being up to 4% of a business’ global gross revenue, private rights of action by individuals, and non-profit privacy watchdog groups (also known as “Civil Society”) having the right to complain of a company’s privacy practices directly to the local Data Protection Authorities; compliance with the GDPR will now be one of those risks that any business who touches EU data will need to seriously consider. Fortunately, the GDPR won’t go into effect until May 25th 2018. However, businesses with significant data from the EU need to start considering how to comply now.
Continue Reading Europe Is Shifting, And It’s a Big Deal – The New GDPR

The annual conference of the world’s data protection regulators is a three day exercise, with half of the conference being “closed door” for the regulators only, and the other half being a series of side meetings and presentations, which report out to interested attendees the results of the closed door meetings. This is a good meeting to gain insight in the next year’s trends in data protection regulation and enforcement across the globe. While this conference happens every year, the events in the European Court of Justice and the impending completion of the new General Data Protection Regulation (“GDPR”) made this year’s conference particularly interesting. Here are some of the insights which were developed during the conference:
Continue Reading The 37th International Conference of Data Protection & Privacy Commissioners – Some Observations