According to an opinion issued by the European Data Protection Board, businesses looking to process biometric, genetic or location data do not have to automatically conduct a data protection impact assessment first in order to comply with the EU General Data Protection Regulation, Out-Law.com reports. The opinion differs from guidance offered by the U.K. Information Commissioner’s Office, and while the ICO is not required to update its guidance, it will need to justify the reason for not doing so if it chooses to. In a statement, an ICO spokesperson said it is "considering the European Data Protection Board’s recommendations and will provide a response in the coming weeks."
Full Story
1 Comment
If you want to comment on this post, you need to login.