GDPR regulatory news roundup – February 2017

Spain: AEPD issues GDPR guidance for SMEs
The Spanish data protection authority AEPD issued three guides for small- and medium-sized companies on complying with the GDPR: a guide for data controllers, contracts between data controllers and processors, and the information obligations for controllers. Learn more (Spanish) >>

Denmark: Ministry of Justice publishes Q&As on the GDPR
The Ministry of Justice published a series of questions and answers from its public meeting on the GDPR. The Q&As address the appointment of data protection officers, data protection impact assessments, privacy by design, and managing data subjects’ rights. Learn more (Danish) >>

Belgium: CPP publishes draft recommendation on DPIAs
The Belgian Privacy Commission (CPP) published its draft recommendation on data protection impact assessments (DPIAs). The recommendation seeks to provide compliance guidance and to provide practical answers on its application. Learn more (French) >>     (Flemish) >>

Gibraltar: GRA launches GDPR guidance
The Gibraltar Regulatory Authority (GRA) launched a webpage and guidance on the GDPR to explain the similarities with the existing Data Protection Act 2004, and describe some of the new requirements. The GRA highlighted that that the UK’s decision to leave the EU will not affect or influence the commencement of the GDPR in Gibraltar. Learn more (English) >>

France: CNIL launches GDPR consultation
The French data protection authority CNIL launched a public consultation on data breach notification, profiling and consent under the GDPR. Open until 23 March 2017, the consultation will assist in the formulation of guidelines by the Article 29 Working Party. Learn more (French) >>

Germany: BayLDA publishes paper on data subject rights
The Bavarian State Commissioner for Data Protection (BayLDA) published a short paper on the application of data subject access rights under the GDPR and the information that must be provided by the data controller. Learn more (German) >>

GDPR training course dates:

Our ISO 17024-accredited GDPR Foundation training course provides a complete introduction to the GDPR, and an overview of the key implementation and compliance activities, including data protection impact assessments(DPIAs), appointment of a DPO and data breach reporting.

Learn more about our European course dates >>


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.