Category Council of Ministers

This week’s competition is ‘spot the difference’ between DPA 1998 and GDPR

spot the differenceIt’s not as easy as it looks, is it? And that goes for the differences between the Data Protection Act (DPA) 1998 and the forthcoming EU General Data Protection Regulation (GDPR) on course to gain consent from the European Commission, European Parliament and European Council of Ministers in early January2016.

That means it will be fully implemented at the end of 2017 after the 2-year transition period expires.

Once GDPR has achieved agreement, the Data Protection Directive 95/46/EC is repealed and the basis for the DPA 1998 has effectively been removed.

The legal position as to what happens during the transition period is still to be worked out but by far the safest course of action is for organisations to comply fully with the data protection principles enshrined under the GDPR, given t...

Read More

Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

not so safe harborThis week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US. The Advocate General observed: “If the (European) Commission decided to enter into negotiations with United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbour scheme, was no longer adequate.”

And of course, he’s impeccably right in this regard.

The cornerstone of this highly influential leg...

Read More

GDPR is a top priority for the EC this year – Juncker

JunckerThis morning (Wed 9 September 2015) European Commission President Jean-Claude Juncker has revealed the priorities in the business of the European Commission and this includes reform of Europe’s data protection and privacy laws against the backdrop of a connected single digital market.

Juncker indicated in his speech today as well as in an open letter to European Parliament, co-signed by Frans Timmermans, first Vice President of the European Commission that “over the next few weeks the Commission will engage actively with the European Parliament and the Council to take forward discussions on these issues.”

In a ten-point priority list, Juncker clearly signalled the reform of data protection and privacy and the single digital market as being on the top of priorities that will dominate ...

Read More

EDPS demands Data Protection Officers are compulsory under GDPR

ButtarelliThis week the EU’s independent privacy watchdog, the European Data Protection Supervisor (EDPS) has declared wide ranging support for the European Parliament’s version of the EU General Data Protection Regulation (GDPR) that’s the subject of trilogue negotiations between the European Commission, European Parliament and Council that may be concluded as early as end of October 2015.

However, a notable difference between the EDPS and the European Parliament’s view is the mandatory appointment by organisations and companies of a Data Protection Officer (DPO).

It’s worth noting that 35% of all EU Member States currently require the appointment of a DPO as a compulsory measure, so it would take just 16% of other EU Member States to make this the majority view within the EU.

Under Section...

Read More

DPO is ‘compliance orchestrator’ under GDPR says Working Party 29

Zubin MethaFor Working Party 29 (WP29), the role of the Data Protection Officer (DPO) under the forthcoming EU General Data Protection Regulation (GDPR) is the cornerstone of accountability as well as being a real tool of competitiveness for companies.

Tasked with the implementation of accountability tools that include the policies, procedures documentation, data protection impact assessments as well as internal training for all employees entrusted with handling customer data, the DPO is more like a ‘compliance orchestrator’ in much the same way as a conductor of a symphony orchestra, such as Parsee-born Zubin Mehta, conductor of the Israeli Philharmonic Orchestra.

In its advice note to the European Commission, European Parliament and Council of Ministers, WP29 said: “While recognising the need f...

Read More

What GDPR means for organisations and companies in 2015

Get Ready for GDPRCompanies and organisations that use data at the centre of their sales and marketing activities – and that’s just about everyone reading this blog – will be impacted by the forthcoming EU General Data Protection Regulation (GDPR).

Agreement between the European Parliament, Council of Ministers and European Commission now looks like a distinct possibility in November/December 2015 after which there’ll be a two-year transition period before sanctions begin to bite.

How the GDPR fits into an overall framework of changes within the European Union

EU Charter of Fundamental Rights

The Charter is an important development as it’s the first formal EU document to combine and declare all the values and fundamental rights (economic and social as well as civil and political) to which EU citize...

Read More

“Positive vibes” as Trilogue on GDPR begins today

Positive EU vibes2Speaking after the first Trilogue meeting today, Jan Philipp Albrecht, Rapporteur for the European Parliament said that agreement between the European Commission, Parliament and Council of Ministers may be achievable by the end of 2015 alongside the Data Protection Directive for law enforcement – the so-called EU Police Directive.

Speaking to reporters, Albrecht said: “The Trilogue (negotiations) today showed very clearly that agreement is feasible if all parties are open to compromise. All parties are committed to the timetable. The texts are actually a lot closer to each other now than we thought a few months ago.”

He was referring to the versions of GDPR that each side has as they enter negotiations over the next 6 months in order to reach agreement on the precise wording for GDPR...

Read More

European Council of Ministers in “historic step” for GDPR by end of 2015

V Jourova, European Commission describes progress on GDPR as an historic daySpeaking at a news conference a few hours ago, Věra Jourová, the European Union’s Commissioner for Justice, Consumers and Gender Equality announced that an “historic step” had been taken today as the European Council of Ministers reached agreement on the general approach on the General Data Protection Regulation (GDPR).

Latvia’s minister for justice Dzintars Rasnačs added: “We have moved a great step closer to modernised and harmonised data protection framework for the European Union. I am very content that after more than 3 years of negotiations we have finally found a compromise on the text and (GDPR)… will strengthen individual rights of our citizens and ensure a high standard of protection.”

What this means is that the Council of Ministers has political agreement on the basis of...

Read More

When bankers cry – well, they will if they fined under GDPR

unhappy.yellow.shirt_.cropped1According to Varonis (Nasdaq:VRNS), a leading provider of software solutions for unstructured, human-generated enterprise data, banks will be among the first to be hit with massive fines for falling foul of the EU’s General Data Protection Regulation (GDPR).

In a poll conducted at Cebit – Europe’s largest IT show – the company revealed the level of how unprepared the financial services sector is to life under GDPR. Notably, 50% of all respondents that took part in the survey worked within the European banking sector.

According to Varonis, despite the small sample size of 145 respondents, its survey reflects a much wide degree of how under prepared the financial services sector is as well as the nervousness that has penetrated the wider banking community.

Key survey findings:

  • 8...
Read More

How long do we need to wait for GDPR to be approved?

time-clockThe Presidency of the EU Council is in the hands of the Latvians until June and urged on by European Commission they’ve highlighted data protection reform across Europe as a key priority. Data protection reform may not grab national news headlines here in the UK but the consequences of what will become law across all 28 EU Member States will have far reaching implications for the Government put in charge of running the country after the British General Election is decided in May 2015.

As discussed in blogs on this and many other websites, the spate of data breaches and the security implications for millions of European citizens continues to grow bigger on a daily basis.

And yet those in Brussels appear incapable of pushing ahead with agreement on a single EU Regulation that rebalances th...

Read More