GDPR Archives

Latvian DVI Outlines Actions Post-DPO Appointment

DPO, GDPR | June 8, 2024

The Latvian Data State Inspectorate (DVI) issued guidelines for organizations after appointing a Data Protection Officer (DPO). The guidelines emphasize informing the DVI of the DPO’s contact details, notifying citizens, updating changes, and reporting terminations. The DPO can be either DVI-certified or a knowledgeable professional, appointed via employment or outsourcing. Ensuring DPO availability during absences is crucial for continuous data protection compliance.

Latvian DVI Outlines Actions Post-DPO Appointment Read More »

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23)

EU law, GDPR, Right to deletion | June 8, 2024

Advocate General Medina addressed the interplay between EU data protection regulations and company law concerning the public disclosure of personal data in company registers. The case involves the refusal by Bulgaria’s Registration Agency to erase personal data from a company’s constitutive instrument, published in the commercial register. The AG emphasized that the agency must balance data protection rights with legal transparency obligations. The opinion underscored the need for procedural safeguards to protect personal data while ensuring necessary public access to company information.

Advocate General Opinion on GDPR and Company Registers (Case C‑200/23) Read More »

Danish DPA publishes AI data protection impact assessment template

AI, DPIA, EU law, GDPR | June 8, 2024

On 22 May 2024, the Danish Data Protection Agency (Datatilsynet) released two templates to assist companies and authorities in conducting impact assessments. One template addresses AI solutions, and the other is more general. These templates aim to help organizations perform adequate and timely assessments, addressing challenges identified in an October 2023 survey. The AI-specific template includes examples of risks and mitigation measures and emphasizes clear documentation, stakeholder consultation, and regular updates.

Danish DPA publishes AI data protection impact assessment template Read More »

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers

AI, EU law, GDPR | June 8, 2024

The Austrian Data Protection Authority (DSB) issued guidelines on the relationship between the GDPR and the new EU AI Act, formally adopted on 21 May 2024. The DSB emphasized that the GDPR remains applicable when personal data is processed by AI systems. The guidelines, one aimed at private controllers and another aimed at public controllers, stress the importance of legal bases under Articles 6(1) and 9(2) of the GDPR for processing personal data.

Austria’s DSB Publishes Information on the relationship between the GDPR and the EU AI Act for controllers Read More »

Italian DPA Issues Guidance on Protecting Online Personal Data from Web Scraping

AI, GDPR, web scraping | June 8, 2024

The Italian Data Protection Authority (Garante) has issued guidance to protect personal data published online by public and private entities from web scraping.

Italian DPA Issues Guidance on Protecting Online Personal Data from Web Scraping Read More »