GDPR: must controllers declare legal bases to processors?
ABSTRACT: must Controllers inform processors of the legal bases of processing? Prima facie no: but from a legal and business-strategic perspective the answer is very, very much more complex.
ABSTRACT: must Controllers inform processors of the legal bases of processing? Prima facie no: but from a legal and business-strategic perspective the answer is very, very much more complex.
ABSTRACT: A list of current and future "how-to" posts on practical enterprise-specific GDPR compliance using public domain objects, with optional technology anyone can build.
ABSTRACT: Each of the Article 6(1) bases interacts with other Articles and other laws in different ways, and have different hypothetical consequences. For the layperson these interactions/consequences are not always obvious.
ABSTRACT: Supervisors are interested in GDPR risks. Financial regulators are interested in financial risks. Often the latter may be derivative of the former. An obvious question arises: at what point might financial regulators become interested in data protection risks? Background: I was asked a question which for various conduct reasons I can't possibly answer in the terms asked. That said, given its resonance with similar issues I've observed in the UK and other contexts, I've reformulated it to something so generic...
Here is a modified version of a question I'm about to answer on Quora. Warning: as it says on the tin, this post is both law and IT. Don't say you weren't warned... Can copies of postcode, gender and age data be used in testing without violating the Data Protection Act or the GDPR? Such questions are becoming more and more frequent, as people begin to panic with the realization that two decades of previously unlawful behavior is now going to get...
The Three Knights are riding to the rescue! Or... is it.. the Three Stooges, or perhaps Sanchos, tilting at the windmills that seem to be spinning ever more rapidly? (yes, the GDPR does have a little dog in this race. But later...) As for my initial view? A plague on both their houses. The Three Knights do a good job, as does Professor Elliot in pointing out weaknesses. However, some of the good Professor's key points seem a trifle theoretical and, if that is right,...
Masochists, who ipso facto and ex officio collectively may approach 100% of my audience, will be aware of my flogging Vidal-Hall v Google (lower court judgment) to death on Linkedin and elsewhere. However, after 37 months it may be time for a quick overview of Vidal-Hall's impact on subsequent cases. The contagion has just spread to Scotland. Bottom line: data protection distress awards in England/Wales and Scotland alike are up by circa 4-5,000% in three years. Before Tugendhat J struck down s.13(2) Data Protection Act 1998 in Vidal-Hall, courts could only...
SR Submission to WP29 - 16-EN wp243 DRAFT DPO Guidance
For legal reasons (no not defamation or litigation!), and with apologies, I temporarily have withdrawn publication of this submission.