Loading

Tag: EDPB

Tag: EDPB

”Pay or ok” — Does this new paid subscription model invalidate consent?

There has been much debate about the validity of consent under the GDPR as it relates to the “Pay or ok” paid subscription model on social media and other platforms and websites.   Since November 7, European users of Facebook and Instagram have had the option to pay a subscription in exchange for an ad-free

EDPB publishes urgent binding decision regarding Meta

EDPB publishes urgent binding decision regarding Meta, emphasizing the company’s obligation to provide clear, transparent information to users about how their data is being used.   The European Data Protection Board (EDPB) recently published an urgent binding decision regarding Meta, the technology conglomerate, also known as Facebook. This decision marks an important development in data

Data protection guide for small businesses published by the EDPB

The EDPB has recently published a data protection guide for small businesses to aid with GDPR compliance.   The European Data Protection Board (EDPB) has released a new guide aimed at helping small businesses comply with the GDPR, as stated in this report. The guide provides a comprehensive overview of the key principles of data

Updated guidelines on data subject access requests issued by the EDPB

The EDBP has issued finalised updated guidelines on data subject access requests, providing practical advice for organisations.   The European Data Protection Board (EDPB) has issued updated guidelines on data subject access requests that provide practical advice for organisations receiving these requests from individuals. This update builds on previous guidelines published a little over a

Coordinated investigation into the role of Data Protection Officers launched by EDPB

The EDPB has launched a coordinated investigation into the role of Data Protection Officers across the EU.    The European Data Protection Board (EDPB) has launched a coordinated investigation into the role of Data Protection Officers (DPOs) across the European Union. The purpose of the investigation is to assess the actual implementation and enforcement of

Data breach notification guidelines from the EDPB

The EDPB has recently published a document containing detailed data breach notification guidelines for EU organisations.    The EDPB has recently published a document that provides guidelines on how to handle personal data breaches as required by the EU General Data Protection Regulation (GDPR). The guidelines are intended to assist controllers, processors and supervisory authorities

EU-US Data Privacy Framework advancements welcomed by the EDPB, however concerns remain

While the EDPB welcomes advancements in the EU-US Data Privacy Framework, the organisation remains concerned on various points.   The EDPB has recently released a statement welcoming developments under the EU-US data privacy framework. The organisation however has put forward several concerns and requests for clarification. The EDPB welcomes further updates to the principles of

EDPB publishes guidelines on personal data breach notifications

The EDPB has recently published guidelines on personal data breach notifications under the GDPR for businesses and organisations.    The European Data Protection Board (EDPB) recently released guidelines on personal data breach notifications under the GDPR. This document includes detailed requirements for businesses and organisations which handle individuals’ data in the event of a data

Controller Binding Corporate Rules: New recommendations from the EDPB

The EDPB recently published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules.   The European Data Protection Board (EDPB) has recently adopted recommendations for the Controller Binding Corporate Rules (BCR-Cs) during their November plenary. The document includes recommendations on the Application for

GDPR-CARPA certification mechanism adopted by CNPD

Luxembourg adopted the GDPR-CARPA verification mechanism  becoming the first country to introduce a certification mechanism under the GDPR.   The National Data Protection Commission of Luxembourg (CNPD) adopted its GDPR-CARPA (Certified Assurance-Report based Processing Activities) certification mechanism last month. This will be known as the first certification mechanism under the GDPR to be adopted on