A GDPR presentation worth sharing..

.. and it’s not one of mine.

Like probably most of you, I had to prepare quite a few slide decks on the EU General Data Protection Regulation in 2016. These were very specific to my employer, and unfortunately I can’t share them.

But I was also fortunate to watch and listen to many of you giving your presentations, for example at the IAPP Knowledgenet in Switzerland and at workshops hosted by IPPC and (ISC)2. Each of them was an opportunity for me to learn.

Looking back, for me the most inspiring presentation was the slide deck “EU General Data Protection Regulation – A workshop for companies in Switzerland” by David Rosenthal, published on the Homburger web site. Elegant structure, to the point, with a very natural flow. It’s available under the CC-BY-NC-ND license, along with some other material, at http://www.homburger.ch/en/current/publications/dataprotection/

Highly recommended reading.

GDPR – a headache for Data Protection Authorities

With the General Data Protection Regulation only a few days away, it’s not just companies that are upgrading their privacy management systems: the Data Protection Authorities are also preparing to meet their increased obligations under the new law.

More than a year ago, Prof. Dr. Alexander Roßnagel prepared an expert opinion on the additional workload caused by the GDPR for the German state DPAs (in German): http://suche.transparenz.hamburg.de/dataset/gutachten-zum-zusaetzlichen-arbeitsaufwand-fuer-die-aufsichtsbehoerden-der-laender-durch-d-2017

He estimated that each DPA would need, in addition to its current staff, 12-19 lawyers, 4-5 IT experts, 2 educational and 6 administrative roles. At the beginning of 2017, the planned staff increase fell far short of this (49 for the federal DPA, 8 and below for the different states were planned as new positions for 2017). It’s also interesting that he didn’t list separate categories for “privacy managers” or “auditors”. http://www.heise.de/newsticker/meldung/Datenschutzgrundverordnung-bringt-Datenschutzaufsicht-an-Belastungsgrenze-3633498.html

The mechanisms for mutual cooperation between the European DPAs are new and quite complex (Art. 60–62), especially as communications might take place in a variety of languages. The consistency mechanism (Art. 63–66) might also turn out to be quite demanding. In situations in which the One-Stop-Shop (OSS) approach cannot be applied, the DPAs will first have to jointly determine their respective responsibilities. It will be very interesting to see how these mechanisms will work out.

Article 29 Working Party on Feb 2018 Plenary Meeting

– incl. some details that we didn’t see on their web site yet, e.g.

CISPE Code of Conduct

“The plenary adopted a letter addressed to the Association of Cloud Infrastructure Services Providers in Europe (CISPE) giving substantial feedback on the provisions of CISPE’s code of conduct.”

(I assume that wasn’t good news for CISPE.)

http://ec.europa.eu/newsroom/article29/document.cfm?doc_id=49935