Summer Reading: Accelerating Data Regulation
July 5, 2018

The post-GDPR era offers us a chance for reflection. Where do we stand in the on-going processes of data legislation in the EU and, more importantly, what is the big picture? While data protection and privacy have been the trending topics of spring 2018, it must be borne in mind that the GDPR is but […]

On 25 May 2018, the long wait was over and the EU General Data Protection Regulation (GDPR) finally entered into full force and effect and became applicable in all EU Member States. During the preceding two-year transition period, companies worked hard to prepare themselves for and to ensure compliance with the new requirements under the […]

As we already prefigured in our earlier blog post, the Article 29 Working Party (the “WP29”) has adopted drafts for guidance regarding requirements for transparency and consents under EU’s General Data Protection Regulation (the “GDPR”). Transparency Transparency is one of the key principles of the processing of personal data under the GDPR. Furthermore, under the […]

October 2017 has been a busy month for the Article 29 Working Party (the “WP29”), a group that consists of EU data protection authorities. The WP29 has recently published three new guidelines and revised some earlier guidelines on the implementation of the General Data Protection Regulation (the “GDPR”). The recent guidance includes proposed guidelines on […]

Back in January, the Commission published a proposal for a Regulation on Privacy and Electronic Communications (the “E-Privacy Regulation”) to replace the current E-Privacy Directive (2002/58/EC). This was after the proposal had initially been leaked right before the Christmas holidays in 2016, which I commented on in a previous blog post here on our Hannes […]

The Article 29 Working Party (the WP29), which is an independent advisory board on data protection and privacy, has adopted Guidelines (in English) on Data Protection Impact Assessment (DPIA) on 4 April 2017. The guidelines define when and how an impact assessment should be carried out pursuant to the EU General Data Protection Regulation 2016/679 […]

The Cloud Infrastructure Services Providers in Europe (the “CISPE”), a coalition of technology companies focused on the provision of cloud computing infrastructure services across Europe (such as cloud tech giant Amazon Web Services), has established a new voluntary Data Protection Code of Conduct (the “Code”) to help cloud customers ensure that their cloud infrastructure provider […]

On 24 January 2017, the Office of the Data Protection Ombudsman published guidance (in Finnish) for companies on how to prepare for the upcoming EU General Data Protection Regulation (“GDPR”).  Although the guidance serves as a high-level introduction to the GDPR, it unfortunately does not go into specific details of the GDPR. Thus, it does […]