18 December 2017 at 1:34pm
The Article 29 Working Party has published its draft guidelines on transparency. For those of us who have already been working on GDPR privacy notices, there don’t seem to be any surprises: this is largely a compilation of the relevant sections of the Regulation and other guidance.
15 December 2017 at 9:16am
The Article 29 Working Party of European Data Protection Supervisors has published draft guidance on consent under the General Data Protection Regulation. Since the Working Party has already published extensive guidance on the existing Data Protection Directive rules on consent, this new paper concentrates on what has changed under the GDPR.
8 December 2017 at 11:12am
The Article 29 Working Party have conducted a brief consultation on draft guidance on Automated Processing that, surprisingly, reverses all previous legal interpretations I've found. GDPR Article 22 is one of several that begin "The data subject shall have the right", in this case:
4 December 2017 at 10:25am
Last week I spoke at the UCISA CISG-PCMG conference on some of the tools we have been using within Jisc to apply the requirements of the GDPR. UCISA has now published a recording of the session, as well as a copy of my slides.
23 October 2017 at 4:28pm
Although privacy notices are an important aspect of the General Data Protection Regulation, it seems unlikely that we will have final guidance from regulators for several months.
25 July 2017 at 10:48am
Jisc provides a lot of different services: too many for us to look at each one from scratch before the General Data Protection Regulation comes into force next May. Instead, we've identified four different patterns that seem to cover the majority of services. We hope that having a common set of expectations for each pattern will simplify discussions with service managers, customers and users.
5 July 2017 at 9:59am
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and equipment. The guidance considers the requirements under both the Data Protection Directive and, from next year, the GDPR.
2 June 2017 at 2:37pm
To mark one year to go till the General Data Protection Regulation comes into force, we've published an article on "How Universities and Colleges Should be Preparing for New Data Regulations" on the Jisc website.
5 June 2018 at 11:28am
I've been trying to produce a visual image to capture the twelve steps to GDPR compliance. For details of the individual steps see:
23 May 2017 at 9:59am
The Article 29 Working Party's final guidance on implementing the right to portability is a significant improvement on the previous draft.
Subscribe to GDPRprocess