February

"Chairwoman of the French data protection authority (the CNIL), Isabelle Falque-Pierrotin, has long been an outspoken proponent that companies should have internal accountability mechanisms for data protection compliance. On January 13, 2015 the CNIL published a standard defining what accountability means in practice. Companies that demonstrate that they comply with the new standard will be able to obtain an ""accountability seal"" from the CNIL. The primary purpose of the CNIL 's new accountability standard is to prepare companies for the day when accountability will become a legal obligation under the future EU General Data Protection Regulation. The CNIL 's standard can help companies move forward in developing accountability programs that are likely to be in compliance with the EU Regulation, even before the Regulation 's adoption."

"Good news for all employers: The German Federal Labour Court has recently reversed the disastrous judgment of the Regional Labour Court of Berlin-Brandenburg concerning the allocation of the burden of proof with regard to assessments in employment references. In Germany, upon termination of the employment relationship employees can claim for a written employment reference that contains information about the nature and duration of their employment as well as about their performance and behavior. Normally, the overall assessment of the employee 's performance is made by using a common ""school-grade system"" (very good resp. A - good resp. B - satisfactory resp. C - adequate resp. D - inadequate resp. E). The overriding principle that employers have to take into account when creating an employment reference is the principle of truthfulness."

A bill was sent to Parliament giving the Dutch Data Protection Authority (CBP) the power to fine controllers and processors for violation of the Dutch Personal Data Protection Act and any other laws containing data protection rules on Monday, 24 November.

Interestingly, the bill also allows the CBP to fine individual employees for failure to meet their confidentiality obligations (Art. 12 PDPA). This may be the case where employees intentionally disclose personal data to unauthorized persons, an act also punishable under criminal law, but also where employees have been grossly negligent causing a data breach. Last but not least, the Dutch CBP (College Bescherming Persoonsgegevens) will change its name to the Personal Data Authority (Autoriteit Persoonsgegevens).