The Spanish data protection authority – AEPD – has published a Model Data Protection Impact Assessment ‘DPIA) Report for the Private Sector. it includes the factors that must be taken into account by the private sector in order to perform a DPIA, including the description of the data processing activity, its purpose and legal basis, […]
This guidance is intended to assist the users of these recording devices in determining whether they are a ‘controller’ with obligations under data protection law, or whether their actions fall within the personal or household exemption.
The draft recommendation is addressed to private and public bodies as soon as they carry out the read and/or write operations on a user’s terminal referred to in Article 82 of the French Data Protection Act. The recommendation is not intended to be prescriptive. Its main purpose is to provide practical recommendations on how to operationally translate legal requirements […]
The standard processor agreement has been adopted by the Danish SA pursuant to art. 28(8) GDPR and aims at helping organisations to meet the requirements of art. 28 (3) and (4), given the fact that the contract between controller and processor cannot just restate the provisions of the GDPR but should further specify them, e.g. with regard to the assistance provided by the processor to the controller.