Article 29 Working Party (WP29) has published several guidelines under the GDPR and such guidelines contain recommendations regarding best practices that are regarded by the authorities as compliant with the requirements of the GDPR. In this post, I have collected such recommendations. 

Data protection rules such as the EU's new General Data Protection Regulation (GDPR) apply to personal data. But what does personal data mean? According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable…

Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 (GDPR) were published at the end of October by the Article 29 Working Party (WP 29). In my previous post, I have outlined the principles set out in the Guidelines. In this post, I give a…

The high amount of the administrative fine, which can reach a maximum amount of EUR 20 million or, in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, makes it extremely important for data controllers and data processors to be prepared for…

The General Data Protection Regulation (GDPR or Regulation) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment (DPIA). Last week, I summarised the basic rules of DPIAs and collected those cases when DPIAs need to be…

The General Data Protection Regulation (GDPR or Regulation) is applicable from May 25, 2018 and, for this purpose, many data controllers must perform a data protection impact assessment. The data protection impact assessment has been applied in some Member States of the European Union (e.g. UK,…

Several supervisory authorities have started to issue step plans to help data controllers in the preparation for the application of the EU General Data Protection Regulation (GDPR). In April, the Dutch Authority (Autoriteit Persoonsgegevens) issued its step plan consisting of 10…

The official guidelines for the application of the EU Uniform Data Protection Regulation (Regulation 2016/679, "Regulation" or "GDPR") have been launched to help interpret the rules of the Regulation. In addition to the numerous published publications, blog posts and opinions, the official positions…