EDPB Releases New Guidance: When Can Companies Rely on the Need to Fulfill the Terms of a Contract as a Legal Basis to Process?

On April 12, 2019, the European Data Protection Board (“EDPB”) published draft guidelines on the legal basis for processing personal data that involves providing online services to data subjects (the “Guidelines”). Specifically, they discuss when companies can rely on Article 6(1) – that processing can take place in the context of fulfilling the terms of a contract – and what conditions must be established to do so. The Guidelines make clear that this basis is narrower than it is often interpreted to be, and that companies must take care that they meet certain requirements. Background To lawfully process data, companies must establish one of six legal bases articulated in Article…

READ MORE

Framework for GDPR Fines Published by the Dutch Authorities

The Dutch Data Protection Authority (AP) has announced a new policy for determining the fines to be imposed for violations of the General Data Protection Regulation (GDPR) and its national implementing act. The AP’s assessment will first take into account the maximum amounts specified by the European Regulation: either 10 million euros or 2% of the annual worldwide turnover, or 20 million euros or 4% of the annual worldwide turnover, depending on the violation incurred. Violations that are subject to fines are divided into three or four categories designed by the data protection authority to take into account the weight of the breached requirements, with each assigned a…

READ MORE

Achieved Chats: What the Heck is a GDPR Data Map?

What the heck is a GDPR data map? Where do I begin with processing records? Don’t worry. We’ve got answers! Achieved Compliance’s President Melise Blakeslee will demonstrate what they are, show you how to use them, cover how to properly maintain and document your processing activities, and explain why both are essential to your data compliance under all privacy regimes.

READ MORE