German Data Protection Authority. No Grace Period on EEA Data Transfers to the US On July 28, 2020, German supervisory authorities (Datenschutzkonferenz, the “DSK”) issued a statement emphasizing that organizations that rely on Standard Contractual Clauses (“SCCs”) or Binding Corporate Rules (BCRs”) must implement additional safeguards to lawfully transfer personal data to third countries. In keeping with the Court of Justice of the European Union CJEU’s judgment of 7/16, and the European Data Protection Board EDPB FAQ Memo of 7/20, the German DSK statement affirmed it’s intent of enforcing GDPR under the framework of the Court’s ruling, and with no grace period to comply. The highlights of the German DSK statement are: Organizations receiving transfers of EU Personal Data outside of the European Economic Area…
.@EU_Commission published for comment a draft of new standard contractual clauses for transfer of data from the EU, pursuant to the GDPR. Final version expected in Q1 2021. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12741-Commission-Implementing-Decision-on-standard-contractual-clauses-for-the-transfer-of-personal-data-to-third-countries
UK ICO launched a public consultation on its draft Statutory Guidance (https://ico.org.uk/media/about-the-ico/consultations/2618333/ico-draft-statutory-guidance.pdf). It provides an overview of the ICO’s powers, how it intends to regulate & enforce data protection legislation in the UK & how it will calculate fines. Consultation closes 11/12/2020.
Belgian DPA has released its 2019 Annual Report. In 2019 the #DPA imposed its first fines under the #GDPR and issued the Belgian DPA’s 2019-2025 Strategic Plan: https://www.huntonprivacyblog.com/2019/12/27/belgian-dpa-releases-draft-2019-2025-strategic-plan/