Barizi Data Privacy Services’ Post

Join us on Tuesday 5 November for the next instalment in our data protection webinar series, where we’ll be exploring best practices for handling subject access requests and discussing the latest legal developments in this area. As people become more aware of their rights, organisations are seeing a notable rise in subject access requests, ranging from simple to highly complex cases often tied to consumer disputes or employment claims. This webinar will provide crucial insights from recent case law, as well as practical guidance for efficiently managing these requests. Find out more and sign up here: https://lnkd.in/eN3YQjhY #DataProtection #SubjectAccessRequests

Do you ever wonder how the Information Commissioners Office (ICO) decides to issue penalties and the process they go through when calculating fines under data protection law? Wonder no more as they’ve published guidance on this to give transparency for organisations: #ico #dataprotection #dataprivacy

Not all #data is the same. Today's #PrivacyEssentials sheds some light on "special categories of data," as the #GDPR calls it, or "#Sensitive Personal Information" under #CCPA. While the legal differences seem manageable, you should be aware that #compliance efforts and enforcement risks may vary. Make sure that your #privacy program is up to the task!

Summary of the PDF: Guidelines 01/2023 on Article 37 Law Enforcement Directive Executive Summary: The guidelines provide guidance on Article 37 of the Law Enforcement Directive (LED), focusing on the legal standards for appropriate safeguards in data transfers by EU Member States' law enforcement authorities to third countries or international organizations. The guidelines highlight that transfers must ensure an essentially equivalent level of data protection as within the EU. They emphasize that legally binding instruments should take precedence over assessments by controllers for data transfers, offering more legal certainty and consistency. Key Points: Essential Elements of Appropriate Safeguards: Defines "transfer" and includes various scenarios such as direct transfers, transfers via intermediaries, and access to national databases by third countries. Emphasizes the need for lawfulness and compliance with general principles and specific legal frameworks for transfers. Highlights the two ways to establish appropriate safeguards: legally binding instruments and self-assessments by controllers. Article 37(1)(a) LED: Stresses the importance of legally binding instruments that regulate personal data transfers, ensuring an essentially equivalent level of protection. Discusses the content and advantages of legally binding instruments, such as providing a clear and structured basis for data exchange and reducing accountability burdens for controllers. Article 37(1)(b) LED: Allows data transfers based on appropriate safeguards assessed by the controller in the absence of a legally binding instrument. Emphasizes that this approach should be used cautiously and only after ensuring no adequacy decision or legally binding instrument exists. Assessing Transfers: Details how to assess all circumstances surrounding data transfers, considering risks to data subjects' rights and freedoms. Provides guidance on categorizing transfers and determining if existing safeguards are appropriate. Supervisory Authorities: Encourages competent authorities to inform data protection authorities about data transfers regularly. Supervisory authorities should review the implementation of legally binding instruments and ensure compliance with data protection requirements. Interplay with International Agreements: Discusses the relationship between existing international agreements and Article 37 LED. Emphasizes the need to review and amend agreements to align with LED requirements. Specific Guidelines: Provides detailed guidelines on what constitutes a legally binding instrument and the essential elements it must contain. Recommends specific content and additional tailor-made clauses to enhance data protection during transfers. https://lnkd.in/eujzk3xf #LAW #EDPB #Guidelines #DataProtection #LawEnforcementPrivacy #DataProtection European Data Protection Board

In light of the recent changes, what steps should be taken when transferring personal data? With secondary legislation, the standard contracts and BCR application forms, the legislative steps of the reform of the Personal Data Protection Law No. 6698 are now complete. Check out our article to find out the steps to be taken to ensure compliance, and the challenges to be faced in the process.

The Regulation on the Transfer of Personal Data Abroad (in parallel with the recent amendments to the Personal Data Protection Law) sets out the details of the transfer of personal data abroad. For detailed information on the subject, please review our Newsletter prepared by our Partner Batuhan Sahmay and Senior Associate Özlem Özdemir Yılmaz and Associate Nazlım Meriç. #BenerLawOffice #dataprotection

The ICO has recently published updated guidance on how the Information Commissioner will make a decision about whether to issue a penalty notice for infringements of data protection law and how the amount of any fine will be determined. I share my thoughts on the new fining guidance in the latest edition of the Solicitors Journal: https://lnkd.in/e3__BNDh

Understanding and complying with the specific regulations in each jurisdiction is crucial for businesses that operate globally or collect and process personal data from individuals in different regions. It's essential for data controllers to stay informed about the evolving legal landscape to ensure proper compliance with the data protection laws relevant to their operations.

❗New Court decision on Data Protection from #Tanzania ❗ The Court declared 22(3), 23(3)(C) and (e) of the Personal Data Protection Act of 2022 #vague #ambigous #unclear and may lead to #LegalUncertainty 1. #LegalCertainty vs. #UnlawfulMeans The decision reached by the High Court two days ago (08.05.2024) on the above provisions which prohibits the collection of personal data by #unlawfulMeans. Yet, the law does not define what constitutes #unlawfulMeans. Reasoning: Without providing or at least illustrating what 'might' constitute #unlawfulmeans, the law creates a room for legal uncertainty. 2. #PrivacyProtection The Court also found that exemptions to the processing of personal data in #AbsenceOfConsent where obtaining consent i. is reasonably impractical; or ii. would prejudice the lawful purpose of the collection, limits the right to the #ProtectionOfPrivacy. Reasoning: i. The law fails to illustrate circumstances in which compliance is not reasonably practicable, at least in general terms. ii. What constitute 'compliance would prejudice the lawful purpose of the collection' is too vague. The Court Noted, while it may be difficult to list or contemplate all circumstances in this regard, It is NOT impossible to do it. Accordingly, the Parliament was tasked to amend the said provisions within a year of this decision, if not they will be 'deleted' from the law. Happy reading!

Intellectual Property Partner, Deborah Niven shares three reasons why you should keep your data protection in order. Deborah provides useful information which includes: The repercussions of data protection failures, including reputational damage and legal consequences. Conducting audits of current practices to ensure compliance with data protection laws. Practical steps to maintain compliance Connect with Deborah here: https://bit.ly/3WDkGSn --- To subscribe to our mailing list to receive the latest legal news and insights, click here: https://bit.ly/4aC4eFg