Transborder data flow is a transfer of personal data to a recipient who or which is subject to a foreign jurisdiction. For instance, a simple email containing personal data is sent to a group internal email address, which includes addresses located outside the EU*, already forms an international data transfer. (Art.44 GDPR) So, first, it is […]
Read MoreUpcoming Data Protection Legislations
Many non-EU jurisdictions are in the process of drafting or updating their data protection regulations. Since, if a third country is considered as offering an adequate level of protection, this will allow the free flow of EU Personal Data without the implementation of additional safeguards.
Read MoreBinding Corporate Rules for a “group of enterprises engaged in a joint economic activity”
Once the GDPR enters into force, the Binding Corporate Rules (BCRs) will be explicitly recognized as mechanism adducing appropriate safeguards to the transfer of personal data outside the EU. This new inclusion, not only recognizes the use of BCRs for the transfer of personal data within a corporate group but also allow it to a […]
Read MoreBinding Corporate Rules or Standard Contractual Clauses?
When implementing the GDPR, international transfer of personal data is one of the biggest challenges for a group of companies. This is because, usually, the company members share personal data between each other or send personal data to a group of enterprises engaged in the same economic activity which are not always located in the […]
Read MoreThe Dual Role: Acting as Data Processor and Data Controller under the GDPR
The first step to comply with the GDPR is to define the entity’s status under the GDPR; it either can be a Data Controller or a Data Processor, or in some cases, both. Only with a clear determination of the role, an assertive assessment of the rights and obligations for that particular company can be […]
Read MoreThe EU-US Privacy Shield
We live in a digitalised world, where the processing of personal data has intensified, and as a result, there is a need in the market to increase the processing capabilities. Now, the US is a big market and as such offers a variety of services and products such as cloud storage, marketing services, digital commerce, […]
Read MoreEU Standard Contractual Clauses: When and How to use them
The EU contractual clauses commonly referred to as standard contractual clauses (“SCCs”) has been developed to make possible the data exporting, transfer of Personal Data abroad, safeguarding a sufficient level of data protection at the recipient.
Read MoreFair and Transparent Processing of Personal Data
Let’s move our focus towards the fairness and transparency of the process because having a legitimate ground is not enough. The way of processing is also vital for the respect of all the guarantees provided to the protection of personal data.
Read MoreLawful Processing of Personal Data in the Private Sector
As stated by the European Union Agency for Network and Information Security (ENISA), “Our society more and more depends on the trustworthy functioning of the information and communication technologies”.
Read MoreWhat is Personal Data?
A lot has been written about the upcoming General Data Protection Regulation (GDPR) and the Draft Proposed Regulation to update the Directive on Privacy and Electronic Communications (ePrivacy Directive). However, before entering into details, we should all make sure that we understand what is personal data; and hence, which information is protected by the Law.
Read More