The Article 29 Working Party has recently released several new documents of interest to companies that collect and process data about EU residents and that move data from the EU to the United States. First, the Working Party released “Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data.” Binding Corporate Rules (often referred to as BCRs) are one mechanism available to companies to support the legal transfer of data outside the European Economic Area. Article 45 of the GDPR requires that data transferred to a country which has not been deemed to provide an adequate level of data…
Not Just for Large Multinationals: U.K. Information Commissioner’s Office and Article 29 Working Party Issue GDPR Guidance for Small Businesses
Smaller companies take note – the U.K. Information Commissioner’s Office (ICO) and the Article 29 Working Party have highlighted that all companies must comply with the General Data Protection Regulation (GDPR) regardless of size, and recently issued special guidance for smaller businesses. The GDPR, a law that places new obligations on organizations that collect and process data about European residents, comes into effect May 25, 2018. In a recently published set of FAQs, the ICO addresses key issues raised by the GDPR in the context of small businesses, including criteria for imposition of monetary sanctions; security; determining whether your organization is a processor or controller under the terms…
“Legitimate business interest” is one of several legal bases to process data articulated by the EU’s General Data Protection Regulation (GDPR) – and probably the least understood.
Consumer consent to the collection and processing of their information has been a cornerstone of data protection practices. The General Data Protection Regulation lists it as one of several ways companies can establish a legal basis to process data.
Companies that must meet requirements of the EU’s General Data Protection Regulation face new compliance challenges. The regulation’s provisions on accountability represent a new approach to data protection and management.