The Article 29 Working Party has published its draft guidelines on transparency. For those of us who have already been working on GDPR privacy notices, there don’t seem to be any surprises: this is largely a compilation of the relevant sections of the Regulation and other guidance. In particular, it seems to have been strongly […]
Concern has sometimes been expressed whether the General Data Protection Regulation’s (GDPR) requirement to notify individuals of all processing of their personal data would cause difficulties for security and incident response teams. These activities involve a lot of processing of IP addresses, which the GDPR and case law seem to indicate will normally count as […]
For those who couldn’t make it to the Jisc GDPR conference last week (and those who did, but want a refresher) the slides are now available. Presenters were told to ensure they gave lots of practical advice, so whether you want ideas on GDPR in Further Education or Research; need to work on an asset […]
The Article 29 Working Party of European Data Protection Supervisors has published draft guidance on consent under the General Data Protection Regulation. Since the Working Party has already published extensive guidance on the existing Data Protection Directive rules on consent, this new paper concentrates on what has changed under the GDPR. The first message is […]
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential 🙂
The Article 29 Working Party have conducted a brief consultation on draft guidance on Automated Processing that, surprisingly, reverses all previous legal interpretations I’ve found. GDPR Article 22 is one of several that begin “The data subject shall have the right”, in this case: The data subject shall have the right not to be subject […]
[Update: a Government amendment to Clause 6 of the Bill appears to confirm that this is their intended interpretation :)] The new Data Protection Bill seems to bring clarity to the question of which legal bases will be available to educational institutions under the General Data Protection Regulation: Clause 6(1) of the Bill states that […]
Last week I spoke at the UCISA CISG-PCMG conference on some of the tools we have been using within Jisc to apply the requirements of the GDPR. UCISA has now published a recording of the session, as well as a copy of my slides. The previous day, I did a more detailed presentation on one […]