August

The UK Government has launched a call for views on the GDPR derogations to ensure that the GDPR does not place unnecessary burdens on business.
 
The opportunity will be of particular interest to organizations that deal regularly with sensitive personal data, particularly in healthcare, life sciences and scientific research.
 
Where GDPR (or existing local law) may be insufficiently clear concerning whether a particular processing scenario is permitted, this is an opportunity for businesses to place their arguments before the UK Government and seek to ensure future compliance.

A brief by Digital Clarity Group uncovers the key provisions of the General Data Protection Regulation (GDPR), and provides a guide to kick-starting critical discussions, both internally and with vendors and service partners.

It notes that for affected firms, every single business process that touches personal data will have to be very carefully reviewed and, in all likelihood, redesigned to comply with the GDPR. It offers a discussion on how companies should build internal awareness of the challenges and opportunities that GDPR poses, and that includes the importance of selecting the right technologies and forming deep partnerships with outside suppliers.

Privacy professionals and data protection officers (DPO) will need to know about changes that the EU's Article 29 Working Party has made to GDPR application guidance documents, including that a company's DPO should be located in Europe, the scope of a DPO's responsibility, and who the DPO reports to.

IAPP's publication, Privacy Tracker, also provides guidance on how data controllers should avoid adversely affecting the rights and freedoms of third parties when complying with the right to data portability, specifically how they may not hinder accessibility or provide excessive delays of data access through inappropriate fees, lack of interoperability or access to a data format.