On March 10, Italy’s data protection authority, Il Garante per la protezione dei dati personali (the “Garante”), announced that it had ordered fines totaling more than €11 million on five companies operating in the money transfers sector for breach of Italian data protection law. The sanctions have been described as the largest privacy fines ever […]
European Union (EU)
UK Launches Public Consultation on GDPR Consent Guidance
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing UK’s Data Protection Act 1998 (DPA). It is yet unclear how Brexit will play out, yet in the meantime the United Kingdom is moving to adopt the GDPR principles so that it adequately protects the personal data transferred within the […]
CNIL Launches Second Round of Public Consultation on GDPR
Last week, the French Data Protection Authority (“CNIL”) launched the second round of a public consultation on the General Data Protection Regulation (“GDPR”). The first public consultation was launched in June 2016 and addressed the requirements in the GDPR relating to data protection officers, data portability and privacy seals and certifications. The outcome of the […]
Spanish Ministry of Justice Launches Public Consultation on GDPR
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”). The press release clarifies that although the GDPR has direct effect in the European Member States, its implementation into Spanish law is not a […]
Spanish DPA Issues GDPR Guidelines
On January 26, 2017, the Spanish data protection authority (“AEPD”) published three guidance papers on the implementation of the general data protection regulation (“GDPR”). Although the guidance is primarily directed at small and medium-sized companies, it gives a snapshot on how the AEPD reads the GDPR and is thus relevant for all companies having operations […]