Gene­ric selec­tors
Only exact hits
search in title
Search in content
Post Type Selec­tors

Posts rela­ted to


ICO: Draft UK Adden­dum to the Stan­dard Con­trac­tu­al Clauses 

The Eng­lish super­vi­so­ry aut­ho­ri­ty ICO has published a draft UK Adden­dum to the stan­dard con­trac­tu­al clau­ses. The adden­dum amends the new EU Stan­dard Con­trac­tu­al Clau­ses (SCC) to cover data trans­fers from the United King­dom. The adden­dum is part of a con­sul­ta­ti­on on the future of data pro­tec­tion for inter­na­tio­nal data trans­fers. In addi­ti­on to

Eng­lish data pro­tec­tion law after Bre­x­it; UK representative 

Sin­ce Bre­x­it, Eng­lish data pro­tec­tion law is essen­ti­al­ly com­po­sed as fol­lows: The GDPR con­ti­nues to app­ly sub­stan­tively, but no lon­ger as a Euro­pean regu­la­ti­on, but now as “UK GDPR”, i.e. “Regu­la­ti­on (EU) 2016/679 […] as it forms part of the law of Eng­land and Wales,

Bre­x­it: ade­quacy deci­si­on left to EU; six-mon­th tran­si­ti­on period 

The EU and the UK have rea­ched a last-minu­te agree­ment on a trea­ty gover­ning the UK’s with­dra­wal from the EU. Part of the agree­ment is also com­pli­an­ce with high data pro­tec­tion stan­dards – but not reco­gni­ti­on of ade­quacy. Whe­ther the EU con­si­ders the Eng­lish level of data pro­tec­tion to be adequate,

ICO: Gui­d­ance on affec­ted per­son petitions 

The Eng­lish super­vi­so­ry aut­ho­ri­ty ICO has published a detail­ed gui­de on how to deal with data sub­ject requests. The gui­de­li­ne also con­tains, for examp­le, explana­ti­ons of what efforts are expec­ted of com­pa­nies when sear­ching for per­so­nal data of the data sub­ject: Data in archi­ving and back­up systems must always be sear­ched, even if the data subject’s

ICO: Gui­de­li­nes on AI and data protection 

The Eng­lish regu­la­tor, the ICO, has published gui­d­ance on AI and data pro­tec­tion: part one covers accoun­ta­bi­li­ty and gover­nan­ce in AI, inclu­ding data pro­tec­tion impact assess­ments (DPI­As); part two covers fair, law­ful and trans­pa­rent pro­ces­sing, inclu­ding legal bases, asses­sing and impro­ving the per­for­mance of AI systems, and the

Reac­tion of the super­vi­so­ry aut­ho­ri­ties to Schrems II 

A num­ber of aut­ho­ri­ties have alrea­dy com­men­ted on the ECJ’s Schrems II ruling. The pic­tu­re is mixed. While one aut­ho­ri­ty deman­ds immedia­te repa­tria­ti­on of data (Ber­lin), others sug­gest that acti­vism is not necessa­ry except in spe­cial cases. A selec­tion: The FDPIC, as repor­ted, is exami­ning the