Guidance from the U.K. Information Commissioner's Office and the Netherlands' Autoriteit Persoonsgegevens limiting the response period for data subject requests "imposes unreasonable burdens on organizations in the midst of a large security breach," Morrison & Foerster Partner Alja Poler de Zwart writes. The guidance is also not in line with that of other authorities and the legislative history of the EU General Data Protection Regulation, she writes, arguing “it is high time the European Data Protection Board provides uniform guidance.”
Full Story
Comments
If you want to comment on this post, you need to login.