News, research and insight into the latest developments in legal research and education
In three-month time, the General Data Protection Regulation (GDPR), will become applicable to many, if not all, data processing activities to which living individuals can be associated. Businesses operating in Europe have had about two years to prepare for this change. As readers know, even if the GDPR is a lengthy piece of legislation, additional interpretative guidance is very much welcome to create and aid understanding about the ‘links’ between key concepts arising across the different pieces of the legislative ‘jigsaw’. The influential EU Article 29 Data Protection Working Party (Art. 29 WP) has therefore been working hard these past few months to give context to some of the most important GDPR requirements: e.g. by publishing guidelines on issues such as data protection impact assessment, data protection officers, the right to data portability, automated individual decision-making and profiling, personal data breach notification, consent, and transparency.