In focus EU proposed data protection Regulation
|
|
- Chloe Walsh
- 6 years ago
- Views:
Transcription
1 In focus EU proposed data protection Regulation Less than adequate cross-border data transfers under the proposed Regulation The restriction on cross-border transfers of personal data is perhaps one of the best known features of the existing European data protection framework, notwithstanding that few data subjects will ever have heard of it. In practice, of course, the cross-border transfer of personal data has become increasingly commonplace, in parallel with the proliferation of connected IT systems and the trend towards globalisation, so the restriction has particular significance. The principle that personal data should not be transferred outside the European Economic Area, to countries that do not offer adequate protection of personal data, in practice requires data controllers to put in place some form of adequate safeguards this could involve the execution of model contractual clauses between exporter and importer, or putting in place binding corporate rules. Alternatively, in limited circumstances data controllers can instead rely on one of the narrowly construed derogations to the principle, such as consent or performance of a contract. Achieving compliance with the restriction on cross-border transfers presents considerable administrative challenges, and huge costs, for businesses operating across borders. Many (including businesses, data protection authorities and governments) hoped for significant reform of the restrictions on cross-border transfers set out in Directive 95/46/EC (the Directive). However, as this article examines, for the most part the existing regime, and a great many of its flaws, will survive under the proposed Regulation.
2 2 Less than adequate cross-border data transfers under the proposed Regulation May 2012 What happens today? Transfers to third countries are restricted under Chapter IV (Transfer of Personal Data To Third Countries) of the Directive. Article 25 provides that data can only be transferred to a third country where it ensures an adequate level of protection. The adequacy of a country is assessed in light of all the circumstances surrounding a data transfer, by reference to certain criteria, such as the nature of the data and the purpose of the transfers, as well the rules of law in force in the third country and the professional rules and security measures which are complied with in that country. So-called derogations to Article 25 permit transfers to third countries not ensuring adequate protection to take place on condition that: the data subject has given his consent unambiguously; the transfer is necessary for the performance of a contract between the data subject and data controller; the transfer is necessary for the performance of a contract in the interest of the data subject between the data controller and a third party; the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims; the transfer is necessary in order to protect the vital interests of the data subject; or the transfer is made from a public register. Adducing adequate safeguards to the protection of personal data may be used as an alternative to relying on a derogation. These can include appropriate contractual clauses, including those prescribed by the Commission (often referred to as model clauses ), which are recognised in the Directive. Other than relying on a self-assessment of adequacy by a data controller, where this is permitted (most member states do not recognise this), this is by far the most commons means employed by businesses operating across borders to legitimise transfers. Although there is arguably no requirement under the Directive to notify or obtain prior authorisation from the supervisory authority in relation to any transfer outside the EEA, this requirement has been introduced across the majority of EU member states, including France and Spain, by virtue of national implementing legislation. These processes can take anywhere between two weeks and more than six months to complete and can be incredibly onerous, for example requiring the production of translations, board minutes or powers of attorney demonstrating the authority of persons to sign, as well as legalisation of documents. Binding corporate rules are not specifically recognised, but have been recognised by the A29 Working Party and by various national data protection authorities and have been approved to legitimise cross-border transfers intra-group by a small and pioneering band of international companies, including Accenture, Citibank, ebay, Hyatt Hotels and JPMorgan.
3 3 Less than adequate cross-border data transfers under the proposed Regulation May 2012 How does the proposed Regulation change this? Cross-border flows of personal data are necessary for the expansion of international trade and international co-operation. The increase in these flows has raised new challenges and concerns with respect to the protection of personal data. However, when personal data are transferred the level of protection should not be undermined. (Recital 78 to the proposed Regulation) It is clear from Recital 78 that the overriding principle behind the restrictions on cross-border transfers remains the same. The new rules on cross-border transfers are set out in Chapter V (Transfer of Personal Data to Third Countries or International Organisations). Harmonisation One of the greatest overall benefits of the new Regulation, harmonisation, should relieve considerably the burden on data controllers undertaking cross-border transfers outside the EEA. For data controllers operating across several EU member states, the diversity of national rules implementing Article 25 currently requires a country specific approach, which can involve undertaking filings in relation to what is effectively a single cross-border transfer with several separate data protection authorities. The introduction of the Regulation, which will be directly applicably across member states, should at least alleviate inconsistencies across jurisdictions. This feature of the Regulation, however, is subject to challenge in some member states, where it is considered that it would constitute an unwelcome (and, potentially, unlawful) dilution of existing national rules. Overall framework The general prohibition on transfers to countries which lack adequacy is replaced with a general prohibition on cross-border transfers except by means of one of three broad mechanisms: (i) reliance on an adequacy decision; (ii) adducing appropriate safeguards ; or (iii) the application of a derogation. This slight re-structuring of the rules is not of much significance.
4 4 Less than adequate cross-border data transfers under the proposed Regulation May 2012 Adequacy The conditions for issuing adequacy decisions have been reformed. They are more specific and now include consideration of: (i) effective and enforceable rights of data subjects, including effective administrative and judicial redress for data subjects; (ii) the existence and effective functioning of an effective supervisory authority in the third country; and (iii) the international commitments the third country or international organisation has entered into. The procedure for making adequacy decisions will be streamlined. The A29 Working Party (the current group of representatives of national regulators) has suggested that it, as the new body representing national supervisory authorities that is to be formed under the Regulation, the European Data Protection Board, should be consulted on adequacy decisions (A29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, 23 March 2012). In addition, under the Regulation adequacy decisions could be applied to a sector, a territory within a country or an international organisation, as opposed to an entire country. Existing adequacy decisions will remain in force. In addition, the US safe harbor framework will remain in place for the time being at least. The ability of data controllers to self-assess adequacy, which exists at least in some EU member states (including the UK), will be withdrawn. This is a move which has been criticised by the UK Information Commissioner: We would prefer the Regulation to take an approach to international transfers that is very much based on data exporters assessing risk and putting their own arrangements in place for making sure that when they do transfer personal data overseas it continues to be protected to an adequate standard (ICO: initial analysis of the European Commission s proposals for a revised data protection legislative framework, 27 February 2012). The British Bankers Association is also critical of this change: Members feel that where a less prescriptive approach has demonstrably been effective, that undermines the case for requiring a more prescriptive approach, particularly bearing in mind the principles of better regulation (Letter to the Ministry of Justice, 6 March 2012). The impact of the removal of self-assessment of adequacy is likely to hit small and medium sized enterprises the hardest. Appropriate safeguards model clauses Three categories of standard data protection clauses are recognised under the Regulation, specifically those: (i) adopted by Commission the three existing forms of model clauses, approved by the Commission, will remain in force, at least initially; (ii) adopted by supervisory authority (by means of a consistency mechanism); and (iii) ad hoc clauses, which are authorised by a supervisory authority on a case by case basis. The great advantage offered by the Regulation over the existing Directive will be the removal of the requirement to notify, or obtain approval from, a supervisory authority to the use of model clauses in connection with a particular transfer. This should represent a considerable lightening of the administrative burden, and costs, associated with reliance on model clauses.
5 5 Less than adequate cross-border data transfers under the proposed Regulation May 2012 Appropriate safeguards binding corporate rules Binding Corporate Rules (BCRs) are now explicitly recognised by the Regulation. BCRs can apply to processors as well as controllers. However, they will continue to be limited to use within the same corporate group (i.e. no third parties). Although the current proposal provides that they must apply to every member of the controller or processor s group of undertakings, we understand having discussed with the Commission that this was not an intended result so it is likely it will still be possible to ring-fence parts of a corporate group from the application of BCRs. Binding corporate rules must be legally binding, expressly confer rights on data subjects and contain certain minimum contents, including, among other things: (i) the structure and contract details of the group; (ii) details of the transfers (including the categories of data, purposes and countries in question); (iii) the general data protection principles; (iv) details of the rights of data subjects; (v) an assumption of liability by EU established controllers and processors for breaches by other members of the group; (vi) the mechanisms for ensuring verification of compliance with the rules; and (vii) the cooperation mechanism with the supervisory authority, to ensure compliance by the group. BCRs will continue to require authorisation by a lead data protection authority under the Regulation. This has been criticised by the ICO: [We] do not believe that supervisory authorities need to have a role in authorising or approving binding corporate rules (ICO: initial analysis of the European Commission s proposals for a revised data protection legislative framework, 27 February 2012). The requirement for authorisation could well mean that BCRs will remain out of reach for all but the most ambitious businesses, which will generally be larger multi-national enterprises with a sophisticated internal data protection compliance Other appropriate safeguards As an alternative to relying on binding standard contractual clauses, or BCRs, it will be possible to rely on appropriate safeguards not provided for in a legally binding instrument. This is likely to encompass codes of practice or documents with a similar status. Reliance on such an instrument will require prior authorisation by supervisory authority. The A29 Working Party has suggested this provision be deleted, on the basis it considers bindingness (sic) to be an important requirement (A29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, 23 March 2012).
6 6 Less than adequate cross-border data transfers under the proposed Regulation May 2012 Derogations For the most part, the existing derogations are preserved. If relying on consent to undertake cross-border transfers, not only must that consent be explicit, but the data subject must also be informed of the risks due to the absence of adequacy or appropriate safeguards. If relying on an important public interest, the Regulation clarifies, consistent with earlier A29 Working Party opinions in relation to the Directive, that it must be a public interest provided for in EU law or EU member state law. The Commission may also adopt delegated acts to define the scope of this provision. The derogations have been expanded to include a legitimate interests derogation, which is available in relation to transfers which are not frequent or massive (neither of these terms are defined but they reflect the thinking of the A29 Working Party) and provided the controller or processor has assessed all the circumstances surrounding the data transfer operation or the set of data transfer operations and based on the assessment adduced appropriate safeguards, which are documented and notified to the supervisory authority. The data controller must have regard to certain factors, including the nature of the data, the purpose and duration of the proposed processing, as well as other factors. The A29 Working Party has expressed concern at this and other derogations which it deems very wide (A29 Data Protection Working Party, Opinion 01/2012 on the data protection reform proposals, 23 March 2012). The ICO on the other hand has said they do not understand why this derogation is restricted to transfers which are not frequent or massive, and that it should also apply to ordinary routine transfers provided there is adequate protection (ICO: initial analysis of the European Commission s proposals for a revised data protection legislative framework, 27 February 2012). Sanctions The Regulation provides for the imposition of fines up to EUR 1,000,000, or in the case of an enterprise up to 2% of its annual worldwide turnover, in relation to a data controller that carries out or instructs a data transfer to a third country or an international organisation that is not allowed by an adequacy decision or by appropriate safeguards or by a derogation.
7 7 Less than adequate cross-border data transfers under the proposed Regulation May 2012 So what does this mean? What really happens today is that a great many businesses, including many small and medium sized enterprises, likely ignore the restrictions on cross-border data transfers either altogether or to a large extent. Larger or more responsible businesses will endeavour to comply, spending large amounts of resources and money to put in place paper-based structures to meet the requirements of the Directive, but in reality will achieve compliance only some of the time. The benefits to data subjects of their efforts are difficult to perceive. It seems doubtful, notwithstanding the threat of eye-watering fines, whether there will be a shift in approach under the proposed Regulation. The Regulation contains some positive changes: increased harmonisation; the removal of the requirement to file model clauses and obtain approval to undertake transfers; and explicit recognition of BCRs. Some changes which on the surface look significant will in practice make little impact, such as the new legitimate interests derogation, which has provoked the ire of the A29 Working Party but which in its present form cannot be applied to transfers which are massive or frequent and requires notification to the supervisory authority, each of which will considerably undermine its usefulness. Regrettably, the proposed changes merely represent tinkering around the edges by the Commission, which has remained faithful to the existing framework set out in the Directive. This is apparently borne out of the need to strike a compromise between the member states. Most agree that a much more radical overhaul is required, which recognises the practical challenges of compliance with the existing framework properly weighed against the benefits it delivers for data subjects. The proposed cross-border transfers regime under the Regulation remains much too bureaucratic, continuing to focus on paper-based compliance mechanisms such as model clauses, and will likely fail to deliver measurable benefits to data subjects. Nigel Parker is a Senior Associate in the London office of Allen & Overy. Nigel Parker Tel nigel.parker@allenovery.com
8 FOR MORE INFORMATION, PLEASE CONTACT: Belgium Germany Luxembourg Romania Tom De Cordier Counsel, Brussels Tel tom.decordier@allenovery.com Bettina Enderle Counsel, Frankfurt bettina.enderle@allenovery.com Cyril Pierre-Beausse Counsel, Luxembourg cyril.pierre-beausse@allenovery.com Radu Diaconu Associate, Bucharest radu.diaconu@rtprallenovery.com Czech Republic Hungary Netherlands Spain Prokop Verner Senior Associate, Prague prokop.verner@allenovery.com Balázs Sahin-Tóth Counsel, Budapest balazs.sahin-toth@allenovery.com Hendrik Jan Biemond Partner, Amsterdam hendrikjan.biemond@allenovery.com Rafael Beneyto Associate, Madrid rafael.beneyto@allenovery.com France Italy Poland Slovakia Ahmed Baladi Partner, Paris ahmed.baladi@allenovery.com Lydia Mendola Senior Associate, Milan lydia.mendola@allenovery.com Magdalena Bartosik Senior Associate, Warsaw magdalena.bartosik@allenovery.com Zuzana Hecko Associate, Bratislava Tel zuzana.hecko@allenovery.com UK UK UK UK Jane Finlayson-Brown Partner, London Tel jane.finlayson-brown@allenovery.com Mark Mansell Partner, London Tel mark.mansell@allenovery.com Nigel Parker Senior Associate, London Tel nigel.parker@allenovery.com Charlotte Mullarkey Senior PSL, London Tel charlotte.mullarkey@allenovery.com This note is for general guidance only and does not constitute definitive advice. In this document Allen & Overy means Allen & Overy LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Allen & Overy LLP or an employee or consultant with equivalent standing and qualifications or an individual with equivalent status in one of Allen & Overy LLP s affiliated undertakings. Allen & Overy LLP or an affiliated undertaking has an office in each of: Abu Dhabi, Amsterdam, Antwerp, Athens (representative office), Bangkok, Beijing, Belfast, Bratislava, Brussels, Bucharest (associated office), Budapest, Casablanca, Doha, Dubai, Düsseldorf, Frankfurt, Hamburg, Hong Kong, Jakarta (associated office), London, Luxembourg, Madrid, Mannheim, Milan, Moscow, Munich, New York, Paris, Perth, Prague, Riyadh (associated office), Rome, São Paulo, Shanghai, Singapore, Sydney, Tokyo, Warsaw, Washington, D.C. I CS1204_CDD-2688_ADD
The EU General Data Protection Regulation. allenovery.com
The EU General Data Protection Regulation 2017 2 The EU General Data Protection Regulation 2017 A new data protection landscape After over four years of discussion, the new EU data protection framework
More informationRegulatory references. Further food for thought November allenovery.com
Regulatory references Further food for thought November 2016 Regulatory references Further food for thought November 2016 Getting ready At the end of September 2016, the FCA and the PRA published their
More informationGuide to becoming a self-employed lawyer in Australia
Guide to becoming a self-employed lawyer in Australia Contents Legal consulting a new way of working 3 Peerpoint the right choice for you? 4 The basics of self-employment 5 Setting up and running an ILP
More informationOur Practice Group Public procurement law
Our Practice Group Public procurement law Allen & Overy in Germany 2018 2 Our Practice Group Public procurement law Allen & Overy in Germany 2018 Public procurement law Many contracting authorities and
More informationBinding Corporate Rules. March
Binding Corporate Rules March 2016 2 Binding Corporate Rules March 2016 Allen & Overy LLP 2016 3 Contents What are BCRs? a quick reminder 05 The current process for obtaining BCRs for controllers 06 BCRs
More informationOur Global Environmental and Regulatory Law practice
Our Global Environmental and Regulatory Law practice 2017 2 Our Global Environmental and Regulatory Law practice 2017 Introduction Environmental and regulatory compliance issues are now part of everyday
More informationThe EU General Data Protection Regulation
The EU General Data Protection Regulation Shearman & Sterling LLP is a limited liability partnership organized under the laws of the State of Delaware, with an affiliated limited liability partnership
More informationEU Energy Union Package - Reforms to Energy Market and Renewable Energy Legislation
EU Energy Union Package - Reforms to Energy Market and Renewable Energy Legislation 1 Briefing note December 2016 EU Energy Union Package - Reforms to Energy Market and Renewable Energy Legislation Key
More informationProcurements falling outside the scope of the EU Directives The issue of cross-border interest
Procurements falling outside the scope of the EU Directives The issue of cross-border interest Nicolas Pourbaix, Counsel 5 March 2015 EJTN / ERA Training on EU Public Procurement Law for Judges Outline
More informationGuidelines for the Foreign NGOs Law are in process. October 2016
Guidelines for the Foreign NGOs Law are in process October 2016 Guidelines for the Foreign NGOs Law are in process The Ministry of Public Security (the "MPS") and its Shanghai branch co-organized a meeting
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 05/EN WP108 Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules Adopted on April 14 th, 2005 This Working Party
More informationTHE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE
OCTOBER 2017 EU, COMPETITION, TRADE AND REGULATORY THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE The EU General Data Protection Regulation (GDPR) becomes effective
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationOpportunities for law graduates in Belfast
Opportunities for law graduates in Belfast 2016 www.allenovery.com 2 Opportunities for law graduates in Belfast 2016 Allen & Overy LLP 2016 3 Contents Allen & Overy 04 Introducing the Legal Services Centre
More informationDEVELOPING DECENTRALISED ENERGY SYSTEMS FOR URBAN REAL ESTATE SCHEMES
New urban real estate developments are increasingly sourcing their energy from decentralised energy systems rather than from connections to the national grid networks. This briefing sets out some of the
More informationReview of Mine Safety Regulations UNECE Ad Hoc Group of Experts on CMM. Victoria Burn Associate Norton Rose LLP 16 October 2008
Review of Mine Safety Regulations UNECE Ad Hoc Group of Experts on CMM Victoria Burn Associate Norton Rose LLP 16 October 2008 Fourth Session of the Ad Hoc Group of Experts on Coal Mine Methane Geneva,
More information10349/14 GS/np 1 DG D 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 28 May 2014 10349/14 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 85 JAI 375 MI 467 DRS 74 DAPIX 73 FREMP 106 COMIX 292 CODEC 1384 NOTE from: Presidency
More informationCommittee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 06.07.2012 WORKING DOCUMT on the protection of individuals with regard to the processing of personal data and on the free
More informationEuropean Court of Justice Mandates Broader Use of Competitive Tendering in Defense Procurement
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Peter Teare Partner, London
More informationGDPR. Guidance on Employee Personal Data
GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe
More informationThe Emerging Markets Acceleration Program and Globalization Readiness Index. Capturing Breakthrough Growth in Emerging Markets
The Emerging Markets Acceleration Program and Globalization Readiness Index Capturing Breakthrough Growth in Emerging Markets The Boston Consulting Group (BCG) is a global management consulting firm and
More informationHay Group Spectrum. The next generation HR solution
Hay Group Spectrum The next generation HR solution Today, you can t afford to have anything less than an integrated approach to HR. An approach that delivers real insights to strategic decision-making.
More informationFalse Self-Employment and Illegal Use of Temporary Workers
False Self-Employment and Illegal Use of Temporary Workers IT-based solution for fast and convenient assessment of individual cases Risks involved in the use of external personnel not to be underestimated
More informationCharacteristics of the Australian Renewables Sector. November 2016
Characteristics of the Australian Renewables Sector November 2016 2 Characteristics of the Australian Renewables Sector November 2016 Contents Introduction 3 Federal and government initiatives and incentives
More informationComments on Chapter IV Part I Controller and processor 25/08/2015 Page 1
Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1 Bitkom represents more than 2,300 companies in the digital sector, including 1,500 direct members. With more than 700,000 employees,
More informationThe Sage quick start guide for businesses
General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing
More informationAntitrust & Competition
Antitrust & Competition 2013 2 Antitrust & Competition 2013 Global Competition Review Elite law firm 2013 Allen & Overy LLP 2013 3 Combining global presence and perspective with local experience and expertise
More informationParliament of Romania Chamber of Deputies Committee for information technologies and communications
Parliament of Romania Chamber of Deputies Committee for information technologies and communications The reform of the EU Data Protection framework Building trust in a digital and global world 9/10 October
More informationMunicipal waste incineration plants
1 Municipal waste incineration plants Briefing August 2013 Municipal waste incineration plants Poland produces approx. 12 million tonnes of municipal waste every year. If the Polish waste management market
More informationContents. Introduction 1. Territorial scope 3. Supervisory authority 4. Data governance and accountability 5. Export of personal data 14
GDPR checklist Contents Introduction 1 Territorial scope 3 Supervisory authority 4 Data governance and accountability 5 Export of personal data 14 Joint controllers 16 Processors 17 Lawful grounds to process
More informationThe EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry
The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry 1 Contents Introduction 5 Brexit: GDPR or New UK Law? 8 The eprivacy Directive 10 The GDPR: 10 Key Areas
More informationWarehousing: Charting the Way to a Winning Strategy
Warehousing: Charting the Way to a Winning Strategy Strong headwinds are challenging how companies operate their warehouses. Successful navigation hinges on optimizing capacity, improving utilization,
More informationPayNet UK Salary Tracker: What is the real cost of living for UK employees today?
PayNet UK Salary Tracker: What is the real cost of living for UK employees today? Overview Hay Group s quarterly PayNet UK Salary Tracker looks at how employees pay compares with a range of key economic
More informationCustomer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)
Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions
More informationCompetition compliance programmes
Competition compliance programmes August 2013 INTRODUCTION Both EU and Slovak law prohibit undertakings from engaging in various anti-competitive activities, including restrictive agreements (such as cartels)
More informationTHE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)
THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationQuickLaunch University Webinar Series Data Privacy and GDPR Is Your Startup Ready?
QuickLaunch University Webinar Series Data Privacy and GDPR Is Your Startup Ready? October 10, 2017 Attorney Advertising Webinar Guidelines Participants are in listen-only mode Submit questions via the
More information1 EU institutions and law making
1 EU institutions and law making INTRODUCTION THE EU HAS its origins in the European Coal and Steel community formed by France, Germany, Italy, Belgium, Luxembourg and the Netherlands by the Treaty of
More informationThe General Data Protection Regulation: What does it mean for you?
The General Data Protection Regulation: What does it mean for you? We are here to help The changes being introduced in the EU General Data Protection Regulation 2016 (GDPR) will be the biggest shake-up
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationRegional Office in Bavaria Organisation and tasks
Page 1 Deutsche Bundesbank: the central bank of the Federal Republic of Germany The Deutsche Bundesbank is the Central Bank of the Federal Republic of Germany. Since the establishment of the European Monetary
More informationWhat is executive remuneration in high definition?
Executive remuneration in high definition Article two a high definition approach to benchmarking Our latest series of papers turns a high definition lens to different aspects of executive reward. This
More informationIn Sierra Club v. Environmental Protection Agency, 2013 U.S. App. LEXIS 1408
Skadden Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or call your regular Skadden
More informationWe are one of the world's leading strategy consultancies
COMPANY PRESENTATION We are one of the world's leading strategy consultancies We... Focus on CEO-relevant topics and multinational clients Believe in three fundamental values: entrepreneurship, partnership
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationDr. Danguolė Bublienė THE IMPLEMENTATION OF THE CONSUMER RIGHTS DIRECTIVE: KEY ISSUES
Dr. Danguolė Bublienė THE IMPLEMENTATION OF THE CONSUMER RIGHTS DIRECTIVE: KEY ISSUES 1 The stages of the implementation of the directives into the national law CRD Application Transposition Enforcement
More informationThe One Stop Shop Working in Practice
The One Stop Shop Working in Practice Introduction This paper is submitted to the Working Party in light of its deliberations on the application of the One Stop Shop ( OSS ) under the proposed General
More informationGDPR. The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April
www.thalesgroup.com/uk SECURE COMMUNICATIONS AND INFORMATION SYSTEMS The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 Contents What is the
More informationVELOPRESSO DELIVERY GUIDE
VELOPRESSO DELIVERY GUIDE We ship worldwide, and this document provides a guide to the options, cost and process of delivering a Velopresso coffee trike to you. Velopressos are sold in accord with Incoterms
More informationThe Coalition Concept
The Coalition Concept Some suggest treating outsourcing as a marriage; others say it is a transactional arrangement. In our view, outsourcing is a coalition an alliance formed for mutual benefit. 1 It
More informationAlert Memo. Proposed New EU Financial Regulatory System
Alert Memo BRUSSELS JUNE 19, 2009 Proposed New EU Financial Regulatory System On June 19, 2009, the European Council supported, with certain modifications, the Commission communication entitled European
More informationAugust THE APPOINTMENT OF THE AUDITOR AND THE DURATION OF THE AUDIT ENGAGEMENT: Striving for a Workable Single Market in the EU
Federation of European Accountants Fédération des Experts comptables Européens Briefing Paper Standing for trust and integrity August 2014 THE APPOINTMENT OF THE AUDITOR AND THE DURATION OF THE AUDIT ENGAGEMENT:
More informationThe General Data Protection Regulation An Overview
The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter
More informationConducting privacy impact assessments code of practice
ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...
More informationSocial Media: Issues on the Horizon
Social Media: Issues on the Horizon October 20, 2010 Meredith Manning, Partner FDA/Pharmaceuticals / Washington, D.C. Issues deserving attention Viral Marketing Print-rule Traps Behavioral Marketing www.hoganlovells.com
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationA.T. Kearney Aerospace & Defense Services. Creating tangible and lasting results in Aerospace & Defense
A.T. Kearney Aerospace & Defense Services Creating tangible and lasting results in Aerospace & Defense A.T. Kearney s Scope of Expertise A.T. KEARNEY IS A GLOBAL MANAGEMENT CONSULTING FIRM THAT uses strategic
More informationOpportunities for Action in Financial Services. Refocusing on Costs
Opportunities for Action in Financial Services Refocusing on Costs Refocusing on Costs Thanks to rapid economic expansion and widespread industry consolidation, banks have grown dramatically during the
More information5853/12 GS/np 1 DG H 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 27 January 2012 5853/12 Inte rinstitutional File: 2012/0011 (COD) DATAPROTECT 9 JAI 44 MI 58 DRS 9 DAPIX 12 FREMP 7 COMIX 61 CODEC 219 PROPOSAL from: European Commission
More informationHow employers should comply with GDPR
02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact
More informationPLN appointing renewable energy developers for direct selection panel. January 2018 Joseph Kim, Sean Conaty and Robin Musch
PLN appointing renewable energy developers for direct selection panel January 2018 Joseph Kim, Sean Conaty and Robin Musch 3 Overview PLN is currently in the process of appointing developers to a newly
More informationTHE BIG DIGITAL FAIL Why Only 1 in 4 Companies Achieve Topline Growth with Digitalization
THE BIG DIGITAL FAIL Why Only 1 in 4 Companies Achieve Topline Growth with Digitalization Results & Insights of the Global Pricing & Sales Study 2017 In collaboration with: The Center for Pricing at Simon
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationContents. A new way to progress your career: your way. 4 Peerpoint. 6 The new breed of lawyer. 14 Our consultants. 17 Make your move.
Make your move. Contents A new way to progress your career: your way. 4 Peerpoint. 6 The new breed of lawyer. 14 Our consultants. 17 Make your move. 21 2 3 There is a new way to progress your career: your
More informationThe Top 10 Operational Impacts of the EU s General Data Protection Regulation
The Top 10 Operational Impacts of the EU s General Data Protection Regulation www.iapp.org IAPP - International Association of Privacy Professionals The Top 10 Operational Impacts of the EU s General Data
More informationEBA/CP/2016/ December Consultation Paper. Draft Guidelines on supervision of significant branches
EBA/CP/2016/24 20 December 2016 Consultation Paper Draft Guidelines on supervision of significant branches Contents 1. Responding to this consultation 3 2. Executive Summary 4 3. Background and rationale
More informationGeneral Data Protection Regulation Key News
General Data Protection Regulation Key News / Introduction The General Data Protection Regulation 1 ( GDPR ) was approved on 27 April 2016 and is set to come into force on 25 May 2018. It will replace
More informationIFOAM EU Group. International Federation of Organic Agriculture Movements - EU Regional Group. Rue d'arlon 82, BE-1040 Brussels Tel
IFOAM EU Group International Federation of Organic Agriculture Movements - EU Regional Group Rue d'arlon 82, BE-1040 Brussels Tel +32 2 282 4665 Co-existence between GM and non-gm crops Necessary anti-contamination
More informationCase T-306/01. Ahmed Ali Yusuf and Al Barakaat International Foundation v Council of the European Union and Commission of the European Communities
Case T-306/01 Ahmed Ali Yusuf and Al Barakaat International Foundation v Council of the European Union and Commission of the European Communities (Common foreign and security policy Restrictive measures
More informationEU data protection reform
EU data protection reform Background and insight A Whitepaper Executive summary The Irish Data Protection Acts 1988 and 2003 gave effect to the European Data Protection Directive 95/46/EC. The existing
More informationGetting Ready for the. General Data Protection Regulation GDPR. A Guide by Mason Hayes & Curran. Dublin, London, New York & San Francisco. MHC.
Getting Ready for the General Data Protection Regulation GDPR 2018 Dublin, London, New York & San Francisco A Guide by Mason Hayes & Curran MHC.ie The contents of this publication are to assist access
More informationOpinion 3/2010 on the principle of accountability
ARTICLE 29 DATA PROTECTION WORKING PARTY 00062/10/EN WP 173 Opinion 3/2010 on the principle of accountability Adopted on 13 July 2010 This Working Party was set up under Article 29 of Directive 95/46/EC.
More informationCouncil of the European Union Brussels, 8 December 2017 (OR. en)
Council of the European Union Brussels, 8 December 2017 (OR. en) 14866/17 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: CORLX 548 CFSP/PESC 1063 CSDP/PSDC 667 FIN 752 COUNCIL DECISION establishing Permanent
More informationHealthcare.
Healthcare www.stantonchase.com Stanton Chase is a leader in executive search and leadership consulting with a global footprint, local expertise, and extensive experience across numerous industries and
More informationBLOOMBERG MiFID II SOLUTIONS
ENTITY INTELLIGENCE BLOOMBERG MiFID II SOLUTIONS Entity Exchange is a flexible, secure & efficient solution to repapering clients for MiFID II BLOOMBERG MiFID II SOLUTIONS MiFID II will require substantial
More informationMaking Cities Work Sustainable Urban Infrastructure
Making Cities Work Sustainable Urban Infrastructure Stuart Clarkson Chief Executive Officer - Siemens Southern Africa 20 Nairobi Megatrends pose urgent challenges to cities Urbanisation Climate Change
More informationGovernance Watch Webcast #1: Best Practices in Board Succession Planning
Governance Watch Webcast #1: Best Practices in Board Succession Planning In the ever-evolving market, boards must carefully consider how they will both lead and adapt along with their organizations. In
More informationUnderstanding the Role of the Chief Strategy Officer
Understanding the Role of the Chief Strategy Officer The Boston Consulting Group (BCG) is a global management consulting firm and the world s leading advisor on business strategy. We partner with clients
More informationWORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY
WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY This month s World Media Group Breakfast Briefing Everything You Need to Know about GDPR - was one of our best-ever attended sessions.
More informationThe Purchasing Chessboard
The Purchasing Chessboard In turbulent times, markets become more volatile and differentiated. What does this mean for companies and industries worldwide? That a one size fits all supply strategy no longer
More informationOrganisational Readiness for the European Union General Data Protection Regulation (GDPR)
Organisational Readiness for the European Union General Data Protection Regulation (GDPR) 1 Contents Foreword...3 Executive Summary...4 Survey Results and Key Findings...6 1. GDPR impact, organisational
More informationWinning. strategy. The World s Most Admired lead the way in board governance and human capital management
Winning strategy The World s Most Admired lead the way in board governance and human capital management 4 2007 The 2007 study into the World s Most Admired Companies highlights the board s role in effective
More informationRetail Banking: A Wealth of Opportunity for Retailers?
Retail Banking: A Wealth of Opportunity for Retailers? The retail banking sector, facing unprecedented change, offers an exciting opportunity for new entrants and particularly retailers if they ask the
More informationStaying on the Leading Edge
Human Resources Staying on the Leading Edge Five important qualities for aspiring chief human resources officers So you want to be a CHRO. That s an admirable goal, but keep in mind that the responsibilities
More informationNew General Data Protection Regulation - an introduction
New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy
More informationEBA/CP/2013/12 21 May Consultation Paper
EBA/CP/2013/12 21 May 2013 Consultation Paper Draft Regulatory Technical Standards On Passport Notifications under Articles 35, 36 and 39 of the proposed Capital Requirements Directive Consultation Paper
More informationContents. A new way to progress your career: your way. 4 Peerpoint. 6 The new breed of lawyer. 14 Our consultants. 17 Make your move.
Make your move. Contents A new way to progress your career: your way. 4 Peerpoint. 6 The new breed of lawyer. 14 Our consultants. 17 Make your move. 21 2 3 There is a new way to progress your career: your
More informationData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 29 September 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure services Business
More informationDigital Lean: The Next Stage in Operations Optimization
Lean: The Next Stage in Operations Optimization Traditional lean needs a turbo-boost from digital to manage rising complexity and increasingly linked value chains. COOs should start investing now in the
More informationGDPR: keeping data processing records
GDPR: keeping data processing records Fit4DataProtection Keeping data processing records under the GDPR 1. Why? 2. Who? 5. 3. 4. What? How? Sanctions? 6. What can we recommend? 1. Why? new data quality
More informationRexel Shredding. Why a paper security policy is integral to GDPR compliance.
Rexel Shredding Why a paper security policy is integral to GDPR compliance. Disclaimer Nothing contained herein should be construed as legal advice. Organisations should consult legal counsel with regard
More informationMiFID II. Product governance
MiFID II Product governance d MiFID II planning and implementation is a top priority for asset managers affected by European regulations and brings with it both challenges and opportunities. The new product
More informationGuidelines on the protection of personal data in IT governance and IT management of EU institutions
Guidelines on the protection of personal data in IT governance and IT management of EU institutions Postal address: rue Wiertz 60 - B-1047 Brussels Offices: rue Montoyer 30 - B-1000 Brussels E-mail : edps@edps.europa.eu
More informationEU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.
EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes!
More informationEmployment Law Newsletter > September 2010
Employment Law Newsletter > 2010 5 3 September 2010 In this issue Expansion of possibility to extend employment agreements for young people Legislative bills Amendment of vacation legislation and Expiration
More informationState and perspectives of urban logistics in Poland
Business Logistics Department E-mail: szoltyse@ae.katowice.pl www.ae.katowice.pl The Karol Adamiecki Bogucicka 14 40-226 KATOWICE Tel. +48 32 259 84 21 Fax +48 32 258 89 11 State and perspectives of urban
More informationWebinar Series Spotlight on Key Labour and Employment Issues. The Law on Safeguarding Employment (13 June 2013) Main provisions
Webinar Series Spotlight on Key Labour and Employment Issues The Law on Safeguarding Employment (13 June 2013) Main provisions Jean-Marc Sainsard Pauline Pierce France March 26, 2014 39 Offices in 19 Countries
More informationExpertise & Experience COMPLIANCE
Expertise & Experience COMPLIANCE A HIGHLY RECOMMENDED COMPLIANCE PRACTICE (...) ONE OF THE BROADEST AND BEST-ESTABLISHED TEAMS JUVE Handbook 2014 2 WE UNDERSTAND THE CHALLENGES YOU FACE Business is becoming
More informationGuidelines. on imports of organic products into the European Union
EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR AGRICULTURE AND RURAL DEVELOPMENT Directorate H. Sustainability and quality of agriculture and rural development H.3. Organic farming 15.12.2008 Guidelines on
More information