Special Interest Group: GDPR - Peer to Peer Advice

Article 29 Working Party Guidance Documents 

02-07-2018 08:06

Per the previous entry, the Article 29 Working Party is an authorized EU body that provides formal, legal guidance on the GDPR. Essentially, it interprets the GDPR for specific areas of interest to provide clarity on the various recitals and articles in the GDPR. Its guidance documents are 'must reads' for the DPOs, GCs and CIOs in organizations that fall under the GDPR. (And they are a bit long-winded...but still helpful.)

In addition to the previous entry on WP29 guidance for employers, please find attached:

  • Guidance on Transparency (a CRITICAL component under the GDPR)
  • Guidance on Consent (another critical component)
  • Guidance on Breach Notification (If you thought California and HIPAA were tough, wait until you read this...)
  • Guidance on Data Protection Impact Assessments (For new or modified IT systems. A.k.a. Privacy Impact Assessments in the US)

Greg Reid
www.linkedin.com/in/gregoryreid

Attachment(s)
1. 29WP Data at Work (Employer) Guidance.pdf   960 KB   1 version
Uploaded - 02-07-2018
A repeat from a previous entry. This file describes the GDPR obligations of employers to employees and prospective employees.
2. 29WP Transparency Guidance.pdf   715 KB   1 version
Uploaded - 02-07-2018
Transparency is probably the most important fundamental right afforded by the GDPR to EU residents. It is described here.
3. 29WP Consent Guidance.pdf   802 KB   1 version
Uploaded - 02-07-2018
Consent is one of the key mechanisms for lawful processing of data on EU residents.
4. 29WP Data Breach Notification Guidance.pdf   783 KB   1 version
Uploaded - 02-07-2018
Data breaches of PI must be reported to the Supervisory Authority within 72 hours (Yes, 72 hours), with certain exceptions. Read about it here.
5. 29WP Data Protection Impact Assessment Guidance.pdf   1.09 MB   1 version
Uploaded - 02-07-2018
Building or modifying a system? A DPIA (PIA) may be required. (Note: It's nearly the same as the HIPAA Privacy Impact Assessment, save for processing obligations.)
