Filter the results
-
Adoption of two adequacy decisions for transfers of personal data to the United Kingdom
On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive respectively. Such a decision means that the personal data...
-
GDPR Certification
This page is currently not available in English. Please refer to the French version.
-
Decisions
This page is not available in English. Please refer to the French version.
-
International data transfers
Publication of new Standard contractual clauses (SCC) by the European Commission
On 4 June 2021, the European Commission published two new sets of standard contractual clauses (SCCs). The first set is intended to regulate the transfer of data from controllers or processors of the EU/EEA (subject to the GDPR) to...
-
Processing of sensitive data
Where your processing operations involve "sensitive data", special conditions may apply (examples: a data protection impact assessment, additional information to be provided to the data subject, the consent of the data subject, contractual clauses, etc.). Special categories
-
Records of processing activities
As a controller, you shall maintain a record of processing activities under your responsibility. Similarly, your processors shall maintain a record of all categories of processing activities carried out on your behalf. However, this obligation shall not apply
-
Main principles
Before data may be processed by the controller, a number of conditions of lawfulness must be met to ensure an adequate protection of privacy. When you process personal data, you must comply with the following principles: Principles of lawfulness, fairness
-
The right to restriction of processing
You notice that information concerning you is inaccurate or irrelevant. Instead of requesting the erasure of the data, you prefer a restriction. You shall have the right to obtain from the controller restriction of processing where one of the following
-
The right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you if the legal basis for processing is: the pursuit of the legitimate interests of the controller
-
Transfer of personal data from the EU to the US
Opinion of the WP29 on the EU – U.S. Privacy Shield draft adequacy decision
Following the publication by the European Commission of the draft adequacy decision on the EU-U.S. Privacy Shield and related documents, the Article 29 Working Party has conducted its assessment in light of the applicable EU data protection legal
-
Cambridge Analytica/Facebook
Cambridge Analytica: reaction of the Article 29 Working Party
“As a rule personal data cannot be used without full transparency on how it is used and with whom it is shared. This is therefore a very serious allegation with far-reaching consequences. ICO is conducting the investigation into this matter. As Chair of the Article 29 Working Party, I fully suport their investigation. The Members of the Article 29 Working Party will work together in this process."
-
First plenary meeting of the EDPB
Europe’s new data protection rules and the EDPB: giving individuals greater control
Today the European Data Protection Board (EDPB) held its first plenary meeting. This new, independent EU decision-making-body with legal personality is created by the General Data Protection Regulation (GDPR), which enters into application as of today. The EDPB succeeds the Article 29 Working Party.
-
First year of application of the EU General Data Protection Regulation
Special Eurobarometer survey on data protection
The European Commission published the results of a special Eurobarometer survey on data protection. The results show that Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated.
-
CNPD’s Open Data Protection Laboratory
DaproLab for the public research sector: DPIA and identification of (co-) data controllers and processors
On March 30, the CNPD is organizing a DaProLab session (CNPD Open Data Protection Laboratory) for the public research sector on the following topics: Data Protection Impact Assessment and Identification of (co-) data controllers and processors in the context of scientific research.
-
Sample letter by the CNPD
Exercise your right of access to the processing of personal data in criminal matters or national security matters
You have a right of access to the processing of personal data by the Police, the State Intelligence Service, the National Security Authority, the Army, the Financial Intelligence Unit and the Customs and Excise Administration.
-
CHAPTER V - Transfers of personal data to third countries or international organisations
Article 44 - General principle for transfers Article 45 - Transfers on the basis of an adequacy decision Article 46 - Transfers subject to appropriate safeguards Article 47 - Binding corporate rules Article 48 - Transfers or disclosures not authorised
-
CHAPTER X - Delegated acts and implementing acts
Article 92 - Exercise of the delegation Article 93 - Committee procedure Article 92 - Exercise of the delegation The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article. The
-
The main changes included in the Act of 27 July 2007
The main changes included in the Law of 27 July 2007
-
Related legislation
Act of 1 August 2018 (Passenger Name Records) Act of 1 August 2018 on the processing of passenger name record data in the context of the prevention
-
3.5. Derogations for specific situations
Derogations under Article 49 are exemptions from the general principle that personal data may only be transferred to third countries if an adequate level of protection is provided for in the third country or if appropriate safeguards have been adduced