German Data Protection Authority fined a company for having the IT manager appointed as Data Protection Officer – A greater risk under the European General Data Protection Regulation?
As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield to the U.S. Department of Commerce
On March 1, 2016 the German Federal Court of Justice ruled on the duty of an online review portal operator to verify reviews.
With the GDPR set to become effective mid-2018, companies would be wise to assess sooner rather than later how the GDPR will affect their business models and data processing practices and start formulating a Game Plan to address the transitional steps they would need to take locally, regionally and globally to become GDPR compliant.
In a recent decision, the Court of Justice of the European Union (ECJ) determines how the term “establishment” used in the EU Data Protection Directive 95/46/EC must be interpreted and thereby on the applicability of national data protection law in cases with a cross-border context as well as on the power of national data protection authorities in this regard. This has practical implications.
The Court of Justice of the European Union, following the opinion of the Advocate General, invalidated European Commission Decision 2000/520 dated July 27, 2000, which allowed transfers of personal data to US companies that self-certified under the US/EU Safe Harbor Program.
The Bavarian Data Protection Authority (DPA) in Germany has fined two implicated companies – both seller and purchaser – for unlawfully transferring customer data as part of an asset deal.