https://www.cnil.fr/fr/RGDP-le-registre-des-activites-de-traitement
Turkey: DPA fines Amazon over cookies and messaging
160,000 EUR fine.
https://www.marsanerezturan.com/post/amazon-turkey-fine
South Africa – POPIA
Protection Of Personal Information Act, 2013. Act No. 4 of 2013.
https://www.justice.gov.za/inforeg/docs/InfoRegSA-POPIA-act2013-004.pdf
POPIA regulations – incl. need for personal information impact assessments:
“Regulations relating to the Protection of Personal Information, 2018”:
https://www.michalsons.com/wp-content/uploads/2017/11/PoPI-Regulations-Final-14-Dec-2018-3-languages-42110_14-12.pdf
EDPB: Guidelines 05/2020 on consent under Regulation 2016/679
Deutsche Wohnen – followup/details on fine
Inhaltsprotokoll – DIT Ausschuss Land Berlin
https://www.parlament-berlin.de/ados/18/KTDat/protokoll/ktd18-027-ip.pdf
Data deletion concepts (Datenlöschkonzepte) – in German
Corresponding SDM-Baustein (in German):
https://www.datenschutz-mv.de/static/DS/Dateien/Datenschutzmodell/Bausteine/SDM-V1.1_60_L%C3%B6schen_V1.0_uagsdmbs_final.pdf
Context on DIN 66398
https://www.datenschutzbeauftragter-info.de/din-norm-66398-die-entwicklung-eines-loeschkonzepts/
Web site on the related German DIN 66398 standard
https://www.din-66398.de/inhalt/index.html
Link to the free preview version
https://www.secorvo.de/publikationen/din-leitlinie-loeschkonzept-hammer-schuler-2012.pdf
Article by the editor
https://www.secorvo.de/publikationen/din-66398-hammer-2016.pdf
Presentation
https://www.dfn-cert.de/dokumente/ds_workshops/Datenschutzkonferenz2017/Folien_Hammer.pdf
Example Vorlage Löschkonzept (googled..)
https://www.sage.com/de-de/-/media/files/sagedotcom/germany/documents/pdf/support-und-service/dsgvo/vorlagen/loeschkonzept_dsgvo.pdf?la=de-de&hash=7F44CEC682912EEBD950F276BA510CFD
BYOD best practices by CNIL
pdsk.ch live
My new other web site.. 😉
Pdsk.ch
DPA Ireland: A Practical Guide to Personal Data Breach Notifications under the GDPR
Includes Case Studies
[..] “This guidance was produced following an analysis of the trends and statistics observed by the Data Protection Commission (DPC) during the first year of the GDPR mandatory breach reporting regime. The statistics and trends analysed covered data breach notifications received in the first year since 25 May 2018, the details of which are set out in a separate information note on breaches trends and statistics published by the DPC.”
https://www.dataprotection.ie/en/guidance-landing/breach-notification-practical-guide
Deep link (October 2019)
https://www.dataprotection.ie/sites/default/files/uploads/2019-10/Data%20Breach%20Notification_Practical%20Guidance_Oct19.pdf
DPA Ireland Guidance Notes: Legal bases for processing Personal Data
December 2019
“If processing of sensitive ‘special category’ data is necessary as part of performing the contract, controllers will also need to identify a separate exception to the general prohibition of processing such data, because contractual necessity alone does not fulfil the requirements of Article 9 GDPR. Thus, as with all processing of such special category data, the controller will need both a legal basis – in this case, necessary for the performance of a contract – as well as fulfilling a condition under Article 9(2) which allows for the processing that type of personal data – such as the fact that the data have been ‘manifestly made public’ or the processing is necessary to establish, exercise, or defend a legal claim.”
https://www.dataprotection.ie/sites/default/files/uploads/2019-12/Guidance%20on%20Legal%20Bases_Dec19.pdf