Some companies try to point the finger at one another for responsibility or try to contractually allocate roles. However, an incorrect qualification can result in companies trying to meet the wrong GDPR obligations. This brings us to the question: "what is meant by purpose and means of the processing, and when are you considered to determine them"?
On 5 September 2018, the new Belgian Data Protection Act of 30 July 2018 was published in the Belgian Official Journal. You can download the entire text here (pdf).
On July 19th the European Data Protection Board (EDPB) met in Brussels to discuss cross border cooperation and consistency procedures.
Just like last year and the years before, international law office time.lex has once again been recommended by Legal 500 and Chambers. These organizations annually publish a list of the best law firms per sector and per country, based on large-scale (customer) satisfaction surveys.
On Monday 26 March 2018, a new transposition law was published in the Belgian Official Gazette: the Law of 11 March 2018 on the statute and supervision of payment institutions and electronic money institutions, access to the business of payment service provider and to the activity of issuing electronic money, and access to payment systems.
On October 3rd 2017, the EU’s Article 29 Working Party (WP29) adopted its draft of ‘Guidelines on Personal data breach notification under Regulation 2016/679 [General Data Protection Regulation]’. Even though the document is still open for comments by stakeholders until November 28th, this article takes a preliminary look at the guidelines’ main takeaways and recalls upon data breach obligations arising from other instruments that payment -, communication- and internet service providers might also have to comply with.
EEMA, the leading independent not for profit, European think tank focussing on identification, authentication, privacy, risk management, cyber security, the Internet of Things and mobile applications, has presented Jos Dumortier with its Lifetime Achievement Award.
Ecommerce merchants, PSPs, fintech companies and financial institutions use big data technologies to improve customer intelligence, reduce risk, and meet regulatory objectives. For all companies doing business in Europe, including those based in the US or elsewhere outside the EU, it is crucial to align business operations with the General Data Protection Regulation (GDPR) that will come into force on 25 May 2018.
In 2017, time.lex and CEPS (Centre for European Policy Studies) performed an interesting study for the European Parliament (EP) Research Service regarding the possible introduction of a mandatory guarantee for the lifespan of certain products in the EU consumer legislation framework.
On June 14th, 2017 the European Court of Justice (CJEU) confirmed that Internet Access Providers (IAPs) can be obliged to block the domain names and IP addresses of the online sharing platform The Pirate Bay (TPB).