The Article 29 Working Party has released updated guidelines on automated decision-making, profiling and data breach notification under the EU General Data Protection Regulation. The Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 cover definitions, general provisions on both, specific provisions "solely on automated decision-making defined in Article 22," children and profiling, and data protection impact assessments and data protection officers. The Guidelines on Personal data breach notification under Regulation 2016/679 explain the requirements under the GDPR and "some of the steps controllers and processors can take to meet these new obligations." Finally, the WP29 has opened up a comment period for its guidelines on the accreditation of certification bodies under the GDPR (link is behind registration). The period is open until March 29. Editor's Note: David Meyer reported on whether the WP29 misinterpreted automated decision-making for The Privacy Advisor.
If you want to comment on this post, you need to login.