🔥 热搜 🔥
百度今日热点微信公众平台贴吧opggdnf私服百度贴吧知乎dnf公益服百度傻逼
分类
社会娱乐国际人权科技经济其它
🔥 热搜 🔥
上海习近平新疆鄂州父女瓜乌鲁木齐疫情H工口小学生赛高习明泽芊川一笑图包印尼排华
分类
社会娱乐国际人权科技经济其它
查看原文
其他

当DPO可能成为吹哨人时,公司该怎么做GDPR下的风险管控?

陈立彤 合规 2022-03-20

大成Dentons德国柏林办公室合伙人、GDPR专家Christian Schefold于11月份到访中国,就GDPR专题与我们的“网络安全与数据治理”团队就相关专题在北京、上海、珠海以及深圳做了巡回演讲、客户拜访。在前述过程中,Christian Schefold以其深厚的理论基础及丰富的实务经验分享了很多干货,比如:


  • 企业在欧盟多个国家有业务点时,如何做forum shopping(地点选择),从而在监管最友善的国家设定该公司的欧盟总部?
  • 企业在欧盟多个国家(比如国家A、国家B、国家C)有业务点,公司是设定一个DPO,还是设定几个DPO
  • 什么是server hotel? 如何把它与data controller以及data processor区分开?
  • 企业的DPO携器自重,不配合企业统一、正常的业务管理,企业如果要辞退他可能导致该DPO的举报,那么该企业该如何做风险管控——在合法合理辞退该DPO的同时让他不会去举报;即使去举报,企业也会安然无恙?
  • 其他一些实务话题


成功弹劾≠特朗普下台

成功弹劾≠特朗普下台


这些话题,我们在以后的业务交流中,会与大家进一步交流。回答题述问题「当DPO可能成为GDPR下的吹哨人时,公司该怎么做风险管控?」,简单地来说就是找我们哈😊。


今天我们推出大成欧洲The Data Privacy Team所推出的Newsletter,里面就GDPR以及其他相关内容提供了第一手参考资料,供大家参考。如果贵司对里面的详情需要进一步了解的,请邮件至info@compliance.com.cn,同时抄送henry.chen@dentons.cn。我们将把相关材料发给您。






Data Privacy Team Newsletter  December 2019


German constitutional court upholds the right to be forgotten (RTBF)

Germany’s Federal Constitutional Court, the Bundesverfassungsgericht, issued a pair of rulings on right-to-be-forgotten cases. In the first case, the court determined search engines must find a balance between the public’s right to information and an individual’s ability to live without impairment due to past events. The case centered on a man who claimed his life was hampered by search engines listing a murder case he was involved in 30 years earlier. 


Hungarian competition authority imposes a € 3.6 mln fine on Facebook 

The Hungarian Competition Authority, the GVH, fined Facebook Ireland 3.6 million euros for alleged violations of the country’s competition law, the largest it has ever administered for a consumer protection case. While users do not have to pay to use Facebook’s services, the GVH found the tech company still receives financial benefits from users’ data. Facebook states on its homepage that its services are free of charge; however, the GVH ruled these claims are untrue as the company gathered and sold user data for targeted advertisements.  


China’s digital courts: AI judges and verdicts via chat apps

China is encouraging digitization to streamline case-handling within its sprawling court system using cyberspace and technologies like blockchain and cloud computing, the country’s Supreme People’s Court said in a new policy paper. The efforts include a “mobile court” offered on popular social media platform WeChat that has already handled more than 3 million legal cases or other judicial procedures since its launch in March, according to the Supreme People’s Court.


California Consumer Privacy Act to take effect 01 January 2020

The California Consumer Privacy Act (CCPA) is “the first consumer privacy act in the country,” as one California legislator put it. No other US state has provided its citizens with GDPR-like protections, which include a transparency right that requires companies to inform consumers about the data collected and shared, and gives them a right to access,  to delete, and to opt-out. The law forces companies to provide more information to consumers about what’s being done with their data and gives them more control over the sharing of their data. 



New privacy law can turn India into “Orwellian State” Justice Srikrishan warns

Justice BN Srikrishna, who led the committee that drafted the Personal Data Protection Bill (PDP), said the bill placed in Parliament on Wednesday, which allows the Centre to exempt its agencies from some or all provisions, is “dangerous” and can turn India into an “Orwellian State”. The government could exempt its agencies from rules that govern processing of personal data citing national security, public order and friendly relations with foreign states. However, this will be subject to procedures, safeguards and oversight mechanism of the respective agency.


Wiewiórowski confirmed as new EDPS

Wojciech Wiewiórowski has officially been confirmed as the new European Data Protection Supervisor. Wiewiórowski had served as assistant supervisor during the 2014–19 mandate under Giovanni Buttarelli, who died earlier this year. “I am delighted to have been selected as the new EDPS and look forward to continuing my work with the dedicated and talented team of individuals that make up this small but incredibly important institution,” Wiewiórowski said.


The first GDPR fine in Poland partially overturned


In March 2019 Bisnode, a business data broker, was fined (ca. € 220,000) for failing to comply with the art. 14 GDPR information obligation i.e. failing to inform ca. 6,6 mln data subjects that the company had been processing their personal data. Two days ago, the Administrative Court in Warsaw partially overturned this decision. 
 
The court ruled that when Bisnode collects information from public registers, the information obligation (art. 14 GDPR) extends only to those individual persons (data subjects) who are either actively involved in business activities or those who suspended their business activity temporarily. Consequently, the court contended that individual persons (data subjects) who used to conduct business activities and no longer do so but whose data is still available in the public registers do not need to be informed that their personal data is being processed by data brokers such as Bisnode.
 
The court reasoned that the provision of this information to individual persons who no longer conduct business activities would prove either impossible or involve a disproportionate effort pursuant to art. 14(5)(b) GDPR simply because these data subjects may be difficult or impossible to find. The verdict is not binding. The court now has two weeks to publish its official reasoning but some already claim that this decision seems to contradict the principle of data accuracy enshrined in art. 5(1)(d) GDPR.

Thank youJ

The Data Privacy Team


点击“阅读原文”报名「赋能证书培训」风险与合规审计官、合规管理体系审核员

您可能也对以下帖子感兴趣

文章有问题?点此查看未经处理的缓存