The EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities

On September 26th, 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that should be subject to a DPIA (Article 35(4) GDPR) and the consistency mechanism provided for by Articles 35(6) and 64(1)(a) GDPR, are in line with previous Article 29 Working Party (“WP29”) Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 issued on the 4th of April 2017 and modified on the 4th of October (hereinafter referred to as “WP248“). The EDPB Opinions and the previous Guidelines identify and harmonise a number of processing operations for which a DPIA is definitely required, in order to ensure a consistent application of the data protection rules throughout the Union.

Read the full article here.

News

Outcomes and key themes from ICT 2018 Session on Cybersecurity as key for a Digital Economy and Society

On 5 December 2018, the Digital Single Market of the European Commission sponsored a session on the topic of “Cybersecurity as key for a Digital Economy and Society”. The highly-popular session (over 90 attendees) took place on 5 December 2018 within the flagship ICT2018 Conference in Vienna, Austria.

Khalil Rouhana, Deputy Director General, EC – DG CNECT, kicked off the session with an overview of some of the most pressing issues of the day in cybersecurity: