Andreea Lisievici

Quebec Implements Personal Information Anonymization Regulations

Quebec Implements Anonymization Regulation

Anonymization |

The Quebec government’s Personal Information Anonymization Regulation came into force on 30 May 2024. This regulation sets criteria and procedures for anonymizing personal data, requiring public bodies and private businesses to destroy or anonymize data once its intended use is fulfilled. Organizations must follow best practices and regularly reassess anonymized data to ensure continued anonymity. Article 9, detailing record-keeping requirements, will take effect on 1 January 2025.

Quebec Implements Anonymization Regulation Read More »

Irish DPC Published 2023 Annual Report

Irish Data Protection Commission Published 2023 Annual Report

annual report, DPC |

The Data Protection Commission (DPC) published its 2023 Annual Report, detailing significant actions and statistics. The DPC issued 19 decisions, resulting in €1.55 billion in fines, including €1.2 billion against Meta for data transfers to the US and €345 million against TikTok for child data processing violations. The report highlighted a 20% increase in new cases, totaling 11,200, and the DPC’s input on over 37 legislative proposals.

Irish Data Protection Commission Published 2023 Annual Report Read More »

EDPB Statement on Financial Data Access and Payments Package

EDPB Statement on Financial Data Access and Payments Package

EDPB, EU law |

The European Data Protection Board (EDPB) adopted Statement 2/2024, addressing the European Commission’s proposals for Financial Data Access (FIDA), Payment Service Regulation (PSR), and Payment Service Directive (PSD3). The EDPB highlights the need for clear rules on recording and disclosing personal data, defines obligations for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), and emphasizes data protection, transparency, and minimization. Key recommendations include robust safeguards in transaction monitoring, defining ‘permission’ distinct from GDPR consent, and enhancing cooperation among supervisory authorities.

EDPB Statement on Financial Data Access and Payments Package Read More »

Latvian DVI Outlines Actions Post-DPO Appointment

Latvian DVI Outlines Actions Post-DPO Appointment

DPO, GDPR |

The Latvian Data State Inspectorate (DVI) issued guidelines for organizations after appointing a Data Protection Officer (DPO). The guidelines emphasize informing the DVI of the DPO’s contact details, notifying citizens, updating changes, and reporting terminations. The DPO can be either DVI-certified or a knowledgeable professional, appointed via employment or outsourcing. Ensuring DPO availability during absences is crucial for continuous data protection compliance.

Latvian DVI Outlines Actions Post-DPO Appointment Read More »

Quebec CAI Releases User-Friendly PIA Companion Guide

Quebec CAI Releases Updated Privacy Impact Assessment template and Companion Guide

DPIA |

The Quebec Commission on Access to Information (CAI) has introduced a new, user-friendly version of its Privacy Impact Assessment (PIA) Companion Guide on May 14, 2024. This guide, updated from its September 2023 edition, enhances accessibility for those overseeing personal information protection. It outlines when a PIA is necessary, steps for conducting a PIA, and preparing PIA reports. Additionally, a non-mandatory PIA reporting template is provided to assist public bodies and businesses, promoting thorough and compliant privacy practices.

Quebec CAI Releases Updated Privacy Impact Assessment template and Companion Guide Read More »

Scroll to Top