ResourceCenter

This paper by Rachel Masterton seeks to evaluate the additional obligations of the GDPR that will live on in the U.K. beyond its departure from the EU and what the U.K. government could do to relieve some of those requirements. Reviewing case law surrounding data transfers, it addresses the key messages from such judgments and their impact on processing going forward. It also draws on the musings of thought leaders in the arena of data protection and attempts to provide direction to the delibera... Read More

De Brauw Blackstone Westbroek and Iron Mountain partnered to release this guide that is part of the European Document Retention Guide of 2014. The guide gives you an overview of the regulations governing record retention and the relevant legal issues.View PDF (546 KB)... Read More

The French data protection authority, the CNIL, released this report which identifies ethical concerns raised by algorithms and artificial intelligence, as well as possible solutions for addressing them.View PDF (1.11 MB)... Read More

Marketo released this GDPR Addendum as a supplemental for existing marketing automation services agreements with Marketo customers. The addendum sets out the terms that apply when personal data is processed by Marketo.View PDF (2.3 MB)... Read More

This paper, published by Springer, examines the GDPR's data protection impact assessment provisions in detail and examines ways for their successful implementation. It proposes a process which operationalizes established requirements ensuring the appropriate attention to fundamental rights as warranted by the GDPR, incorporates the legislation’s new requirements and can be adapted to suit the controller’s needs.View PDF (1.8 MB)... Read More

Ernst & Young published this document which uses data sets and graphics to display how different organizations are implementing and complying with the GDPR.View PDF (914 KB)... Read More

The Office for Civil Rights of the U.S. Department of Health and Human Services has released this guidance for researchers, including information on the 21st Century Cures Act of 2016 mandate and guidance on sufficient descriptions of purpose of a use and authorizations for future use, revocation of authorizations, and expiration of authorizations. (June 2018)Read Now (PDF 486KB)     ... Read More

Bob Siegel, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIPPrivacy Ref Part of the IAPP's Privacy 101 white paper series. As an organization, you have obligations to your customers and other stakeholders to protect their personal information. Some obligations are regulatory, some by statute, some by contract, and some simply due to public expectations. This white paper outlines six ways that establishing a privacy awareness training program will help your team to think about privacy and me... Read More

Third Edition The newly updated edition of Canadian Privacy: Data Protection Law and Policy for the Practitioner is crucial for anyone responsible for information risk management, information security, information auditing or legal compliance for clients or organizations based in Canada or subject to Canadian jurisdiction. It includes a new chapter on information security, Big Data and artificial intelligence, as well as the latest details of notable Canadian data protection laws, including: ... Read More

DPO Handbook: Data Protection Officers Under the GDPR by Thomas Shaw, CIPP/E, CIPP/US, provides a comprehensive view of all aspects of the role of Data Protection Officers (DPOs) under the EU’s new General Data Protection Regulation (GDPR), starting with a look at how organizations determine whether they need a DPO, defining the skills required for the role, and discussing how to source this skillset. The book then describes in detail the various tasks a DPO performs starting from their first ... Read More