GDPR-readiness of EU Cloud Code of Conduct wins backing of European data protection authorities
The EU Cloud Code of Conduct, which aims to help IT buyers source GDPR-compliant cloud services, has found favour with the European Data Protection Board
Published: 20 May 2021 13:56
An EU-backed effort to create a regulatory framework that would make it easier for IT buyers to identify and purchase cloud services that are compliant with the General Data Protection Regulation (GDPR) has found favour with the European Data Protection Board.
The EU Cloud Code of Conduct is intended to help IT buyers source cloud services from GDPR-compliant providers, and – in turn – speed up adoption of off-premise services across the continent by allaying users’ data protection concerns about using the cloud.
US News
Corporate Boards: Don’t Underestimate Your Role in Data Security Oversight
The Federal Trade Commission (FTC) continues to put emphasis on the importance of corporate board involvement in privacy and data security. It states, “[I]t’s essential for corporate boards to do what they can to ensure that consumer and employee data is protected.” The FTC’s recent statement includes five recommendations for corporate boards: (1) make data security a priority, (2) understand the cybersecurity risks and challenges your company faces, (3) don’t confuse legal compliance with security, (4) it’s more than just prevention – take reasonable precautions, and (5) learn from mistakes.
In a recent judgment of April 26, 2021, the Belgian Data Protection Authority (“DPA”) fined a financial institution (the “Company”) €100,000 for – amongst other things – failure to provide an adequate level of cybersecurity. This is the second highest fine to date and should serve as a huge warning for all companies: The return on investment in cybersecurity is worth your while!
Additionally, the DPA adopted a more functional approach to combining the role of data protection officer (“DPO”) with other leading functions within a company. A lot to cover!
1. Facts
The case started with a complaint from a former spouse (“Complainant”) against the Company, as employer of her ex-husband. During the process of liquidating their joint estate, the ex-husband had used his access to the Central Individual Credit Register (“CICR”) of the National Bank of Belgium to research the personal/financial data of h
In a decision of April 28, 2020, the Belgian Data Protection Authority (DPA) imposed a fine of €50,000 in a case where a data protection officer (DPO) also performed an incompatible function. According to the DPA, a DPO cannot hold a (managerial) position within the organization in which he or she can determine the purpose and/or means of the processing of personal data.
However, almost exactly one year later, in a decision of April 26, 2021, the DPA seems to have adopted a more pragmatic approach to the functions performed by a DPO within an organization.
To fight the COVID-19 pandemic, the EU Commission is setting up a vaccine passport system (the so-called Digital Green Certificate) to enable European citizens to travel easily and safely within the European Union in Summer 2021. This article examines whether Belgian companies may also use these certificates for other purposes (eg, to authorise or prohibit access to private places depending on a citizen's vaccination status).
What is the Digital Green Certificate system?
The EU Commission has published a proposed regulation which details the use of these certificates and how they will work. Three types of certificate will exist:
one for vaccinated citizens (the vaccination certificate);