The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading
On February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment. The deadline for submitting comments on the draft is March 26, 2018, and responses should be emailed to JUST-ARTICLE29WP-SEC@ec.europa.eu. Like the current EU Data Protection Directive, the GDPR prohibits the … Continue reading
This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.… Continue reading
The GDPR will come into force exactly four months from Thursday. In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR. While much of the guidance is already known to privacy professionals, there are new insights as well.… Continue reading
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently published two guidance documents to aid organizations in complying with HIPAA.… Continue reading