19th Newsletter -> 12 - 18 November 2016

GDPR Compliance to Requires 75,000 DPOs Worldwide


The General Data Protection Regulation will take effect in May 2018. One of the most important GDPR’s changes is the requirement for data protection officer (DPO) for public authorities and companies processing personal data on a “large scale”. An IAPP earlier this year published a study that estimated that when the GDPR takes effect at least 28,000 DPOs will be needed in Europe and the United States alone. This week IAPP applied a similar methodology worldwide and has estimated that as many as 75,000 DPO positions will be created in response to the GDPR.

The position of a DPO is by law independent from the organisation that funds it. Due to its uniqueness it may appear foreign to organisations doing business outside the EU. As organisations globally look to come into compliance with the GDPR, they will have to make certain decisions about who will fill the role, to whom that role will report, and how that role will operate inside the organisation.


Read more HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________



UK Passed a Controversial Surveillance Law 


The UK has just passed a law, which substantially expands surveillance powers of national authorities. The new law, also nicknamed "snoopers' charter”, was introduces by Theresa May in 2012 and it took two attempts to get passed into law. The law requires Internet providers to record every internet customer's top-level web history in real-time for up to a year and to make available that data on request to government departments. The law also enablse authorities to force companies to decrypt information on demand and to disclose any new security features in products before the launch. The intelligence agencies will have the equipment interference power, meaning that they can hack into computers and devices of citizens, but some professions are subjected to better protection.

The new law provides some safeguards, such as “double lock” system, which requires the secretary of state and an independent judicial commissioner to agree on a decision to carry out search warrants. Furthermore a new investigatory powers commissioner will supervise the use of the powers.


Read more HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________



German DPAs Launch a Survey on International Data Transfer


Under coordination of the Bavaria’s DPA, ten German state and city DPAs, have undertaken a survey of international transfer practices of 500 companies. The selection process of companies will be randomised in order to represent different sizes of companies in various sectors. During the survey selected companies will be asked to fill in a questionnaire that will provide details of their data transfers to third countries, and how they have ensured an adequate level of protection. The companies will be asked about their transfers to the US and other third countries, and required to fill in details about their use of cloud services, marketing, customer relationship management, communication services, recruitment etc. The reason behind the survey is that the number of international transfers has greatly increased in the past years. , and the survey will enable DPAs to evaluate whether a thorough investigation is needed in some cases.


Read more HERE


Read the Press Release HERE (in german)

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


UK ICO Issues Another Fine for Unsolicited Marketing Practices 


This week UK Information Commissioner Office issued another fine to a company called Assist Law, based in Weston-super-Mare, Somerset, that made unsolicited marketing calls to people registered with the TPS (Telephone Preference Service) for over a year. ICO conducted an investigation into business practices of Assist Law based on nearly 100 complaints made by TPS subscribers. The investigation ended with today’s fine of £30,000 for Assist Law. ICO discovered that the company made calls using information from a third party company, which claimed people on its calling list had consented to being telephoned, but this was not the case.


Read more HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________