Chat to a DPO
Chat to a DPO

cristinac

Home
Author: cristinac
Page 4
Read More
  cristinac

The ICO has imposed a fine on UK retailer due to poor security safeguards

The Information Commissioner’s Office (ICO) has imposed a £500,000 fine on UK retailer DSG Retail Limited after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people. Ok, so your company accepts credit cards payments for product sales/service offerings. You value security so you’ve ensured
January 24, 2020 Comments (0) Share
Read More
  cristinac

The Use of Facial Recognition Technology in public places in the EU could be temporarily banned

A leaked EU Commission white paper proposes that the EU  place a 3 to 5 year ban on facial recognition technology within public places.   As exciting as it all seems—this ability to instantly gain access, perform transactions or even pay bills by simply scanning your face!—there is without a shadow of a doubt, a scary
January 22, 2020 Comments (0) Share
Read More
  cristinac

European Supermarket Chain may face inspection over new fingerprinting system

Belgian data protection authority, Gegevensbeschermingsautoriteit, may launch an investigation into supermarket chain Carrefour’s fingerprint payment system.   There’s no denying that we currently live in a fast paced, highly technological era. One which constantly ushers in new means of identifying individuals and processing digital payments—all geared towards increased convenience. At this stage, thanks to mobile
January 18, 2020 Comments (0) Share
Read More
  cristinac

ICO launches consultation on the draft direct marketing code of practice

Public consultation for the UK draft direct marketing code of practice is now open. Earlier this month the ICO launched a public consultation on its draft direct marketing code of practice.  This draft code has been produced in accordance with section 122 of the Data Protection Act 2018. According to the ICO, the draft code
January 15, 2020 Comments (0) Share
Read More
  cristinac

First standard contractual clauses for contracts between controllers and processors

The Danish Supervisory Authority has published the final text of the clauses for contracts between controllers and processors in the EDPB’s register. The Danish Supervisory Authority has published its contractual clauses for contracts between controllers and processors in compliance with Article 28 (3) GDPR, following the EDPB Opinion 14/2019. The initiative aims at specifying controller
January 10, 2020 Comments (0) Share
Read More
  cristinac

London pharmacy fined for failing to ensure the security of special category of personal data

The pharmacy left 500,000 documents in unlocked containers at the back of its premises. Failing to ensure the security of special category of personal data may trigger large fines under the GDPR. Are your devices password-protected? Do you make sure that you only use cloud services that encrypt the data? If your answer to these
January 8, 2020 Comments (0) Share
Read More
  cristinac

What does new Schrems II case mean for businesses?

CJEU’s Advocate General Henrik Saugmandsgaardøe publishes his opinion in the so-called ‘Schrems II’ case. New Year, new regulation concerns? Two weeks before the end of 2019, Court of Justice of the European Union’s (CJEU) Advocate General delivered his opinion in the case known as ‘Schrems II’, concerning the validity of the Standard Contractual Clauses (SCCs).
January 3, 2020 Comments (0) Share
Read More
  cristinac

ICT Regulation in 2020: What to expect? An Aphaia Perspective

  Aphaia’s Managing Partner Bostjan Makarovic and Partner Cristina Contero Almagro weigh in on ICT regulation in 2019 and offer their predictions and hopes for 2020.   To say it has been an eventful 2019 for data protection, ICT Governance and ePrivacy—specifically within the EU and United Kingdom—would be an understatement. Indeed, with 2019 being
December 27, 2019 Comments (0) Share
Read More
  cristinac

EDPB guidelines on the criteria of the Right to be Forgotten in the search engines cases under the GDPR

The right to be forgotten is regulated in Article 17 GDPR, which grants individuals the right to request, on certain grounds, erasure of their personal data. “Right to be Forgotten”. A famous one over the last few years, right? The case known as Google Spain v. Costeja Gonzalez is the origin of this concept. Let’s
December 20, 2019 Comments (0) Share
Read More
  cristinac

EDPB issues opinion on UK Supervisory Authority draft accreditation for a code of conduct monitoring body

On December 2nd, the European Data Protection Board (EDPB) adopted its opinion on the UK data protection Supervisory Authority draft accreditation requirements for a code of conduct monitoring body. Earlier this year, the United Kingdom Supervisory Authority (UK SA) submitted its draft decision containing the accreditation requirements for a code of conduct monitoring body to
December 18, 2019 Comments (0) Share