You searched for:
gdpr in keywords.
Can't find what you are looking for? Try again with a
new or advanced search
57 articles matched. Most recent shown first. Showing first 10 results.
Customer data are key in the gambling industry. The full applicability of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) as of 25 May 2018 will oblige all gambling operators to rethink the way in which they handle one of their most valuable assets: their players’ personal data. Jenna Auwerx and Lidia Dutkiewicz, Senior Associate and Lawyer respectively at Pharumlegal, address three GDPR compliance issues that gambling operators of different sorts may be confronted with in relation to their players’ data, whether they are active in the organisation of lotteries, sports betting, or operate a casino or other games of chance. /
read more
Right from the start, EU data protection law has reserved special status for a list of particular data categories. Privacy professionals will be familiar with the concept that, when processing sensitive (or special categories) of personal data, a controller has to rely on an additional basis on top of the general requirement to rely on a lawful ground. These rules are now set out in Articles 6 and 9 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). The starting point under the GDPR is that there is a general prohibition of any processing of these special categories of data under Article 9. A controller then has to argue that it can rely on one of the exceptions or derogations set out under the GDPR in order to use the data. Additionally, there is a degree of flexibility for each EU Member State to introduce its own variation of the rules permitting use of these special categories. But what makes these Article 9 categories so special? And do the stricter requirements around the use of these data categories in the GDPR make practical sense? Victoria Hordern, Head of Data Privacy at Bates Wells Braithwaite, explores. /
read more
Data Protection Leader spoke with Renato Leite Monteiro, Partner and the Head of Privacy and Data Protection at Baptista Luz Advogados, at the IAPP Europe Data Protection Congress in November 2017. In these Q&As, Renato discusses recent data protection developments in Brazil and the rest of Latin America. /
read more
In recent months, the Registration Authority of the Abu Dhabi Global Market (‘ADGM’) has amended the Data Protection Regulations 2015 (‘the Regulations’) and created the Office for the Protection of Personal Data as part of its ongoing effort to provide comprehensive data protection regulations. Data Protection Leader spoke with Dhaher bin Dhaher Al Mheiri, Chief Executive Officer and Registrar of Companies at the ADGM Registration Authority and Tim Land, Head of the Office of Data Protection at the ADGM about data protection law in the free zone. /
read more
Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technologically neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on...? You guessed it: data. Artificial intelligence is essentially about problem-solving and for that we need data; as much data as possible. Against this background, data privacy and cyber security legal frameworks around the world are attempting to shape the use of that data in a way that achieves the best of all worlds: progress and protection for individuals. Is that realistically achievable? /
read more
The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018. In particular, CNIL stated that for the first few months it will make a distinction between fundamental principles and new obligations or rights. While with respect to the former, strict compliance checks will continue to be upheld, the controls in relation to the implementation of new obligations or rights will be carried out with a view to providing organisations with a good understanding of the operational implementation of the GDPR. Provided that an organisation acts in good faith, engages in the compliance process and cooperates, CNIL outlined that it is unlikely that such controls will lead to sanctioning procedures in the first months of the GDPR’s application. /
read more
Entities in the public sector collect and process vast amounts of personal data from citizens. With the passage of laws such as the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), public authorities are facing increased legal obligations. Luis Alberto Montezuma Chavez, Data Protection and Privacy Specialist based in Bogotá, sets out recommendations for the implementation of Data Protection Impact Assessments (‘DPIAs’) in the public sector so entities can comply with their responsibilities. /
read more
The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR’) will come into force across the EU later this year, on 25 May 2018. The GDPR ushers in a new approach to data protection regulation in the EU, with a marked focus on self-regulation and internal accountability. It mandates that certain organisations must appoint a data protection officer (‘DPO’) and sets out requirements regarding the role of the DPO and the tasks the individual must undertake. In this article, Tim Wright and Steven P. Farmer, Partner and Counsel respectively at Pillsbury Winthrop Shaw Pittman LLP, provide an analysis of the role of the DPO and the varying considerations for organisations when appointing internally or outsourcing the function. /
read more
On 25 October 2017, the Danish Minister of Justice, Søren Pape Poulsen, issued a proposal for a new Danish data protection act (‘the Draft Act’), which implements the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and makes use of the right under the GDPR to issue national supplemental provisions in a number of areas. /
read more
Tunisian legislators have spent the last decade trying to guarantee a high level of data protection for citizens and striving to align the Tunisian data protection framework with European standards. Prompted by legislative reform in Europe and its own accession to Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (‘Convention 108’), Tunisia has undertaken a project of law to enhance its data protection standards. Imen Enneifar, Senior Associate at Eversheds Sutherland El Heni, looks at the first draft of the proposed new law. /
read more