All posts in Privacy Shield

Key EDPB (European Data Protection Board) Documents for GDPR

Daniel Solove
Founder of TeachPrivacy

EU Article 29 Working Party GDPR Guidance

The EDPB (European Data Protection Board) was created by the EU Data Protection Directive in 1996.  Its purpose is to provide advice, opinions, and guidance about data protection.  The EDPB (European Data Protection Board) is composed of a representative from each EU member state.

Below are some of the most important guidelines to be issued by the EDPB (European Data Protection Board) about the General Data Protection Regulation (GDPR).

Right to Data Portability (WP 242)

Guidelines on the right to “data portability” (wp242rev.01)

Data Protection Officers (WP 243)

Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

Continue Reading

Key WP29 Documents for GDPR

Daniel Solove
Founder of TeachPrivacy

EU Article 29 Working Party GDPR Guidance

The Article 29 Working Party was created by the EU Data Protection Directive in 1996.  Its purpose is to provide advice, opinions, and guidance about data protection.  The Article 29 Working Party is composed of a representative from each EU member state.  The General Data Protection Regulation (GDPR) will replace the Working Party with the European Data Protection Board (EDPB).

Below are some of the most important guidelines to be issued by the Article 29 Working Party (WP29) about the General Data Protection Regulation (GDPR).

Right to Data Portability (WP 242)

Guidelines on the right to “data portability” (wp242rev.01)

Data Protection Officers (WP 243)

Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

Continue Reading

Beyond GDPR: The Challenge of Global Privacy Compliance — An Interview with Lothar Determann

Daniel Solove
Founder of TeachPrivacy

For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the lead role in guiding the practices of multinational organizations. These days, it is the new General Data Protection Regulation (GDPR) from the EU that has been the focus of privacy professionals’ days and nights . . . and even dreams.

As formidable as the GDPR is, only aiming to comply with the GDPR will be insufficient for a worldwide privacy compliance strategy. True, the GDPR is one of the strictest privacy laws in the world, but countries around the world have other very strict laws. The bottom line is that international privacy compliance is incredibly hard.privacy, privacy training, GDPR

This is what Lothar Determann focuses on. For nearly 20 years, Determann has combined scholarship and legal practice. In addition to being a partner at Baker & McKenzie, Lothar has taught data privacy law at many schools including Freie Universität Berlin, UC Berkeley School of Law, Hastings College of the Law, Stanford Law School, and University of San Francisco School of Law. He has written more than 100 articles and 5 books, including a treatise about California Privacy Law.

Hot off the press is the new third edition of Lothar Determann’s terrific guide, Determann’s Field Guide to Data Privacy Law: International Corporate Compliance.  Determann has produced an incredibly useful synthesis of privacy law from around the globe. Covering so many divergent international privacy laws could take thousands of pages, but Determann’s guide is remarkably concise and practical. With great command of the laws and decades of seasoned experience, Determann finds the common ground and the wisest approaches to compliance. This is definitely an essential reference for anyone who must navigate privacy challenges in the global economy.

Continue Reading

Preparing for GDPR: A Year to Batten Down the Hatches

Daniel Solove
Founder of TeachPrivacy

The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018.  The GDPR strengthens privacy protections in the EU and includes a number of additional rights and responsibilities.

Continue Reading

GDPR Cartoon: Taking Privacy Seriously

Daniel Solove
Founder of TeachPrivacy

cartoon-gdpr-training-privacy-shield-training-02

I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy.  More work gets thrown onto the shoulders of under-resourced privacy departments.

It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization.  Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018.  It’s never too early for organizations to start preparing.  GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases.  For more information, see the FAQ page I created about the GDPR and privacy awareness training.

Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take.  Privacy office budgets and sizes should be going up by a lot these days.

Continue Reading

Privacy Shield Training

Daniel Solove
Founder of TeachPrivacy

Privacy Shield Training Course

I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework.  Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US.  Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in the case of Schrems v. Data Protection Commissioner.

Continue Reading