Cristina Sánchez-Tembleque Cayazzo

📕 🧠 TechDispatch on #Neurodata by EDPS - European Data Protection Supervisor and Agencia Española de Protección de Datos - AEPD This publication is a brief report produced by the Technology and Privacy Unit of the EDPS - European Data Protection Supervisor. It aims to provide a factual description of an emerging technology and discuss its possible impacts on #privacy and the protection of #personaldata.

33

Inside the mind of a Data Protection Officer (DPO), several key priorities and concerns are consistently at play: 1. Regulatory Compliance: A DPO is always thinking about how to ensure compliance with various data protection laws, such as the GDPR, PDPL, and other relevant regulations. They need to stay updated on regulatory changes and assess the impact on their organization. 2. Risk Management: Identifying and mitigating risks related to personal data processing is a major focus. This includes assessing where vulnerabilities exist and finding ways to minimize potential breaches or data loss. 3. Data Governance: Implementing and maintaining effective data governance structures is essential. DPOs think about how to manage data throughout its lifecycle, from collection to deletion, ensuring it’s done lawfully and securely. 4. Privacy by Design: Embedding privacy considerations into every new project, system, or process is always on the DPO’s mind. This includes reviewing processes for adequate data minimization, purpose limitation, and consent management. 5. Incident Response: A DPO is often preparing for potential data breaches or privacy incidents, ensuring there’s a robust incident response plan in place, complete with timely notifications to regulators and affected individuals. 6. Stakeholder Engagement: A DPO must collaborate with various departments, such as IT, legal, HR, and compliance, to ensure the organization’s privacy practices are aligned and enforced across all areas. 7. Data Subject Rights: Managing data subject access requests, requests for data erasure, or correction is an ongoing concern. Ensuring that the organization is ready to respond to these in a timely and lawful manner is crucial. 8. Ethical Considerations: Beyond legal compliance, DPOs often think about the ethical aspects of data use. They consider how to build trust with customers and ensure that personal data is handled transparently and responsibly. 9. Training and Awareness: A DPO is concerned with the overall privacy culture of the organization, thinking about how to raise awareness and provide adequate training to employees about data protection responsibilities. 10. Technology and Security: DPOs need to stay informed about technological advancements, ensuring that security measures like encryption, anonymization, and access controls are up-to-date and appropriate for the organization’s data protection needs. For a DPO, it’s a constant balancing act of ensuring compliance, mitigating risks, protecting individual rights, and aligning privacy with the strategic goals of the organization. Anything else?

85

13 comentarios

The eIDAS regulation was established in 2016 and is the cornerstone of EU guidance relating to the use of electronic signatures, establishing a framework that ensures their legal validity and security. In this guide we answer the most common questions relating to eIDAS, including the benefits of the regulation, legality, and the upcoming eIDAS 2.0. To find out more, please visit ➡ https://lnkd.in/gT2RaNcS #esignatures #eidas #esign #euregulation

6

On September 2, 2024, the European Data Protection Board ("EDPB") published on its official website the news that the complainant in this case, whose employment contract had been terminated, requested access to their payroll information for July 2022. In response to this request, the controller sent an email to the complainant with an attached PDF document containing his payroll and the payroll of 446 other staff members.  #gdpr  #edpb  #data  #dataprotection  #spain  #legal  #compliance  #bulletin  #legalnew  #regulation  #advocacy  #law  #zumbullaw https://lnkd.in/dHH8tCeV

1

🚨 Important Update: EDPB's Final Guidelines on Law Enforcement Directive Article 37 🚨 On June 19, 2024, the European Data Protection Board (#EDPB) published the final version of Guidelines 01/2023 on Article 37 of the Law Enforcement Directive (#LED). These guidelines define the legal standards for appropriate safeguards to be applied by competent authorities when transferring personal data to third countries and international organizations. Key Highlights of the Guidelines: Legal Mechanisms for Transfers The guidelines emphasize the importance of selecting a legal mechanism for data transfers, ensuring compliance with Article 37 LED. This involves understanding the operation of transfer mechanisms in a cascade, with preference given to legally binding instruments. Contents of Legally Binding Instruments The guidelines outline the necessary elements and structure of legally binding instruments, which should include: - Specific data protection rules - Clear definitions and purposes of data processing - Provisions ensuring data accuracy, minimization, and security - Conditions for onward transfers and data subject rights Assessing Transfers Under Article 37(1)(b) LED For cases where a legally binding instrument is not used, the guidelines provide detailed steps for assessing the appropriateness of safeguards in third countries. This involves a thorough risk assessment, taking into account the specific circumstances and potential impacts on data subjects' rights and freedoms. Enhanced Accountability Obligations Competent authorities must assume enhanced accountability obligations, including: - Maintaining detailed records of transfer assessments - Regularly reviewing and updating safeguards - Cooperating with supervisory authorities to ensure compliance Practical Steps for Compliance Conduct Risk Assessments: Regularly evaluate the risks associated with data transfers to third countries, focusing on potential impacts on data subjects. Develop Legally Binding Instruments: Where possible, establish legally binding agreements that include comprehensive data protection safeguards. Ensure Transparency: Provide clear information to data subjects about how their data is processed and transferred, including their rights and available remedies. Maintain Detailed Records: Keep thorough records of all transfer assessments and decisions, ensuring they are accessible for review by supervisory authorities. Impact on Law Enforcement Authorities The guidelines are designed to ensure that transfers of personal data by law enforcement authorities within the EU adhere to high standards of data protection. This is crucial for maintaining trust and ensuring the fundamental rights of individuals are respected. For more detailed information, refer to the full guidelines provided by the EDPB in the comment below. #DataProtection #EDPB #LawEnforcementDirective #LED #CyberSecurity #Privacy #ITGRC #ITGRCAdvisory #BWAdvisory #AkademiaITGRC

3

1 comentario