GDPRprocess

23 October 2019 at 10:22am

EDPB on (not) Necessary for Contract

Andrew Cormack
GDPRprocess
Data Protection Regulation
The European Data Protection Board's (EDBP) latest Guidelines further develop the idea that we should not always expect relationships involving personal data to have a single legal basis. Although the subject of the Guidelines is the legal basis "Necessary for Contract", much of the text is dedicated to pointing out the other legal bases that will often be involved in a contractual relationship.
Read more
18 December 2017 at 1:34pm

Article 29 WP draft on Transparency

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party has published its draft guidelines on transparency. For those of us who have already been working on GDPR privacy notices, there don’t seem to be any surprises: this is largely a compilation of the relevant sections of the Regulation and other guidance.
Read more
15 December 2017 at 9:16am

Article 29 WP draft on Consent

Andrew Cormack
Data Protection Regulation
GDPRtopics
GDPRprocess
The Article 29 Working Party of European Data Protection Supervisors has published draft guidance on consent under the General Data Protection Regulation. Since the Working Party has already published extensive guidance on the existing Data Protection Directive rules on consent, this new paper concentrates on what has changed under the GDPR.
Read more
8 December 2017 at 11:12am

Article 29 WP draft on Automated Processing

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party have conducted a brief consultation on draft guidance on Automated Processing that, surprisingly, reverses all previous legal interpretations I've found. GDPR Article 22 is one of several that begin "The data subject shall have the right", in this case:
Read more
4 December 2017 at 10:25am

Implementing the GDPR

Andrew Cormack
Data Protection Regulation
GDPRprocess
Last week I spoke at the UCISA CISG-PCMG conference on some of the tools we have been using within Jisc to apply the requirements of the GDPR. UCISA has now published a recording of the session, as well as a copy of my slides.
Read more
23 October 2017 at 4:28pm

GDPR - Privacy Notices

Andrew Cormack
Data Protection Regulation
GDPRprocess
GDPRtopics
Although privacy notices are an important aspect of the General Data Protection Regulation, it seems unlikely that we will have final guidance from regulators for several months.
Read more
25 July 2017 at 10:48am

GDPR: Service Categories

Andrew Cormack
Data Protection Regulation
GDPRprocess
Jisc provides a lot of different services: too many for us to look at each one from scratch before the General Data Protection Regulation comes into force next May. Instead, we've identified four different patterns that seem to cover the majority of services. We hope that having a common set of expectations for each pattern will simplify discussions with service managers, customers and users.
Read more
5 July 2017 at 9:59am

Article 29 WP on Workplace Monitoring

Andrew Cormack
Data Protection Regulation
GDPRtopics
GDPRprocess
Monitoring
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and equipment. The guidance considers the requirements under both the Data Protection Directive and, from next year, the GDPR.
Read more
2 June 2017 at 2:37pm

GDPR: How to Prepare

Andrew Cormack
Data Protection Regulation
GDPRprocess
To mark one year to go till the General Data Protection Regulation comes into force, we've published an article on "How Universities and Colleges Should be Preparing for New Data Regulations" on the Jisc website.
Read more
5 June 2018 at 11:28am

GDPR: 12 Steps Illustrated

Andrew Cormack
Data Protection Regulation
GDPRprocess
I've been trying to produce a visual image to capture the twelve steps to GDPR compliance. For details of the individual steps see:
Read more
Subscribe to GDPRprocess