I do not consider myself a risk-averse, but definitely, vouch for risk assessments. Simply, we all get the consequences of our actions, so why not to address the things adequately?. I reviewed the alternative transfer tools available to keep on transferring personal data to the U.S. The derogations are limited, and there is no room for […]
Read MoreCategory: Legal
CJEU Judgement: EU-US PRIVACY SHIELD NO LONGER VALID
On the 16 of July 2020, the Court of Justice of the European Union ( “CJEU”) declared invalid the Privacy Shield decision and hence, the certification as an adequate mechanism to transfer personal data from the EEA to the U.S. The judgement C-311/18 can be found here. Thus, nowadays, the transfers of personal data from […]
Read MoreThe territorial scope of the GDPR
The GDPR material scope refers to the activities that are within or outside the scope of the instrument, and it is stated in Art.2. The GDPR territorial scope refers to the application of the regulation to organisations within and outside the EU*, and it is stated in Art.3. To be accurate regarding the full applicability of […]
Read MorePenalties under the GDPR
On the 25th May 2018, many EU countries were not ready for the implementation of the GDPR -despite having two years of preparation. As you can imagine, many in the private sector are not prepared either. Thus, this article explores what provisions, if breached, are addressed as serious, with the imposition of the higher administrative […]
Read MoreConsent for Tracking Purposes
This article explores the use of consent to store information or access to storage of information on an end user’s terminal equipment. However, keep in mind that the last amendments to the ePrivacy Directive analyses other grounds for data processing, other than consent. WHAT IS CONSENT? Consent is a legal base by which a person can agree […]
Read MoreRights of Data Subjects under the GDPR
All-natural persons whose personal data is processed by a Data Controller (DC) or Data Processor (DP) within the territorial scope of the GDPR, are Data Subjects and hence entitled to these rights. The DC is responsible for allowing data subjects to exercise their rights and to ensure that they can make effective use of them. […]
Read MorePrinciples for the Processing of Personal Data under the GDPR
The principles are set in article 5 of the GDPR and enshrined thorough all the Regulation, and they apply to every personal data processing activity. As the cornerstone of the Regulation, they should be kept in mind when interpreting the rights and duties established in the GDPR. Lawfully, Fairly and Transparent Lawfully refers to […]
Read MoreWho is the Data Processor and what are its responsibilities under the GDPR?
. The data processor (DP) is the one that processes personal data for the account, on instruction and under the authority of the Data Controller (DC)-other than the employee of the DC. It can be a natural or legal person, public authority, agency or another body.
Read MoreWho is the Data Controller and what are its responsibilities under the GDPR?
The Data Controller (“DC”) is the one who, alone or jointly, determines the purpose and means of the processing of personal data; in other words, is the one who decides why other’s personal data is processed and how it would be processed; therefore, is regulated under the GDPR and it is abided by its rules. […]
Read MoreUpcoming Data Protection Legislations
Many non-EU jurisdictions are in the process of drafting or updating their data protection regulations. Since, if a third country is considered as offering an adequate level of protection, this will allow the free flow of EU Personal Data without the implementation of additional safeguards.
Read More