data protection | In Principle

Go to content
Subscribe to newsletter
In principle newsletter subscription form

data protection

Public procurement in the GDPR era
Contracting authorities have to bear in mind that protected personal data are processed in their procedures. Procedure documentation has to comply with new laws now that the GDPR is in effect.
Public procurement in the GDPR era
Employers must maintain a record of processing activities
Today (24 May 2018) is the last day for adjusting business operations to comply with the new requirements of the General Data Protection Regulation. The Article 29 Data Protection Working Party takes the view that under the GDPR, practically all employers must maintain a record of processing activities with respect to their employees’ data.
Employers must maintain a record of processing activities
A clean criminal record is no longer sensitive information
The EU’s General Data Protection Regulation enters into force tomorrow (25 May 2018). The GDPR changes the legal classification of data contained in certificates of a clean criminal record. Unlike other changes in the GDPR, this change represents a step toward liberalisation. How will data of this type be treated?
A clean criminal record is no longer sensitive information
Medical data—keep or delete?
From 25 May 2018 Polish healthcare institutions will face conflicting rules on how to handle medical documentation under the EU’s General Data Protection Regulation and Polish healthcare laws. The inconsistencies could be eliminated by the new Personal Data Protection Act, but it appears unlikely that work on the new act will end on time. So what should institutions do to limit their regulatory risk?
Medical data—keep or delete?
How will the new ePrivacy Regulation affect the operation of websites?
The General Data Protection Regulation entering into force on 25 May 2018 is not the only privacy revolution in store for the EU. The proposed ePrivacy Regulation is also generating greater and greater controversy and may change the shape of the internet as we know it.
How will the new ePrivacy Regulation affect the operation of websites?
Privacy Shield has been in operation for a year, but will it continue?
The first year of functioning of the Privacy Shield programme will soon end. A review of the programme is scheduled for September 2017. It is designed to be a thorough verification of whether the programme meets the hopes pinned on it and effectively ensures adequate protection of personal data by American recipients of data registered for the programme. The review should also determine the future direction for development of the programme and identify areas requiring improvement.
Privacy Shield has been in operation for a year, but will it continue?
Privacy Shield up and running
On 12 July 2016 the European Commission adopted a decision under Directive 95/46/EC on the adequacy of the protection provided by the EU–US Privacy Shield, confirming that entities operating in the United States that meet the conditions specified in the Privacy Shield programme will be deemed to provide an adequate level of protection of personal data. This means that it will be permissible to forward personal data to such entities without the need to apply other mechanisms to ensure adequate protection of the data, such as binding corporate rules or approval of the data protection authority.
Privacy Shield up and running
New era for personal data protection
Work is underway on a General Data Protection Regulation for the EU. The changes expected in the new legislation will be important for outsourcing companies. Among the planned changes, there will be severe sanctions for violation of data protection regulations.
New era for personal data protection
Transfer of personal data to the United States: Privacy Shield v Safe Harbour
Invalidation of the Safe Harbour decision created a gap in the system for transfer of data from Europe to the US. The question arose of how to evaluate the legality of existing data transfer practices based on Safe Harbour, and what rules to apply in the resulting vacuum.
Transfer of personal data to the United States: Privacy Shield v Safe Harbour
End of the Safe Harbour programme: What next?
The Court of Justice has issued a judgment invalidating the European Commission’s Safe Harbour decision. This means that participation in the Safe Harbour programme by US entities is no longer grounds for European companies to transfer personal data of EEA citizens to the United States.
End of the Safe Harbour programme: What next?
Drones and data protection
The increasing commercial use of drones raises legal aspects of the operation of unmanned aerial vehicles. In this article we focus on one of the most hotly debated legal issues related to drones: the use of drones in light of regulations on protection of personal data.
Drones and data protection
New Council of Europe recommendation on processing of employee’s personal data in light of new technologies
The new recommendation on processing of data for purposes of employment is designed to meet challenges posed by greater digitisation.
New Council of Europe recommendation on processing of employee’s personal data in light of new technologies