Blog

Processor or controller? Incorrect qualification leads to infringement of GDPR

Written by Edwin Jacobs on , in category Rules & regulations

Some companies try to point the finger at one another for responsibility or try to contractually allocate roles. However, an incorrect qualification can result in companies trying to meet the wrong GDPR obligations. This brings us to the question: "what is meant by purpose and means of the processing, and when are you considered to determine them"?

Read more

PSD2: New Payment Services Law in Belgium

Written by Edwin Jacobs on , in category E-business

On Monday 26 March 2018, a new transposition law was published in the Belgian Official Gazette: the Law of 11 March 2018 on the statute and supervision of payment institutions and electronic money institutions, access to the business of payment service provider and to the activity of issuing electronic money, and access to payment systems.

Read more

How To Tackle Data Breaches Notifications Under GDPR

Written by Edwin Jacobs on , in category Rules & regulations

On October 3rd 2017, the EU’s Article 29 Working Party (WP29) adopted its draft of ‘Guidelines on Personal data breach notification under Regulation 2016/679 [General Data Protection Regulation]’. Even though the document is still open for comments by stakeholders until November 28th, this article takes a preliminary look at the guidelines’ main takeaways and recalls upon data breach obligations arising from other instruments that payment -, communication- and internet service providers might also have to comply with.

Read more

Is Profiling Still Allowed Under GDPR?

Written by Edwin Jacobs on , in category Rules & regulations

Ecommerce merchants, PSPs, fintech companies and financial institutions use big data technologies to improve customer intelligence, reduce risk, and meet regulatory objectives. For all companies doing business in Europe, including those based in the US or elsewhere outside the EU, it is crucial to align business operations with the General Data Protection Regulation (GDPR) that will come into force on 25 May 2018.

Read more