Loading

Tag: GDPR

Tag: GDPR

UK-US Data Bridge heralds a new era of transatlantic data flow

Alongside the EU- and Swiss-US Data Privacy Frameworks, the implementation of the UK-US Data Bridge heralds a new era of transatlantic data flow, emphasizing the importance of data protection.   On 12th October 2023, a significant milestone was achieved as the UK-US Data Bridge officially became law, marking a new era of transatlantic data flow.

The Connecticut Data Privacy Act

The Connecticut Data Privacy Act regulates and protects the personal data of Connecticut residents and requires businesses to implement comprehensive data protection measures.    The Connecticut Data Privacy Act (CDPA) is a robust legal framework designed to protect citizens’ privacy rights and regulate how companies and organizations handle personal data. The CDPA, like other state

Virginia Consumer Data Protection Act

The Virginia Consumer Data Protection Act (VCDPA) is a key US legislation aimed at protecting consumer data by establishing clear guidelines for businesses.   The Virginia Consumer Data Protection Act (VCDPA), which was signed into law on March 2, 2021, and came into force on January 1, 2023, aims to protect the personal data of

Best Practices for Data Backup and Disaster Recovery

The following best practices for data backup and disaster recovery can help protect the data within your business and maintain compliance with data protection laws.   Data protection is not just a legal requirement, but a fundamental aspect of maintaining a secure and resilient business. It is important to protect data from unauthorised access, use,

Controller Binding Corporate Rules: New recommendations from the EDPB

The EDPB recently published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules.   The European Data Protection Board (EDPB) has recently adopted recommendations for the Controller Binding Corporate Rules (BCR-Cs) during their November plenary. The document includes recommendations on the Application for

Processor Code of Conduct published by LfDI of Baden-Württemberg, Germany

Baden-Württemberg DPA, LfDI has published a Processor Code of Conduct to aid data processors with self regulation.    The DPA of Baden-Württemberg, Germany has published a code of conduct for processors, providing more legal certainty with regard to data processing under the GDPR. Businesses and organisations within Germany and in general within the EU, who

Guidance on international transfers from the ICO

The UK’s ICO has published guidance on international transfers for businesses and organisations which process personal data.   In the aftermath of the publishing of the International Data Transfer Agreement (IDTA) and the Addendum to the European Union Standard Contractual Clauses (SCCs), the ICO has published guidance on international data transfers. This guidance includes a

Processing of health data by complementary health insurance providers: CNIL calls for further clarification

CNIL calls for clarification regarding the processing of health data by complementary health insurance providers in the face of several complaints.   CNIL calls for clarification regarding which conditions under which complementary health insurance providers are allowed to collect health data, after receiving several complaints regarding the legality of these insurance providers receiving data generated

GPS tracking must be appropriate and necessary

Slovenia SA rules that while the security of property can be a legitimate interest for GPS tracking, it must be appropriate and necessary.    The Slovenian Supervisory Authority (SA) determined that a data controller which engaged in GPS tracking of eight company vehicles, did not have a legal basis to do so, according to this

UK Department for Education reprimanded by the ICO

The ICO has issued a reprimand to the UK Department for Education, relating to the misuse of personal information of children.   Following an investigation into the use of a database of pupils’ learning records by Trust Systems Software UK Limited, the ICO believes this to be a case of poor diligence on the part