El Reglamento General de Protección de Datos (RGPD) en su artículo 37.2, menciona la posibilidad de nombrar un Delegado de Protección de Datos (DPD) para un grupo empresarial, siempre y cuando este sea accesible desde cada establecimiento. Bajo esta premisa, entendemos que nombrando un DPD para el grupo se encuentra surtida la obligación. Sin embargo, […]
Lyz Veronica Llamas
Posts by Lyz Veronica Llamas:
Is it a duty to notify the Supervisory Authorities of the appointment of the Data Protection Officer under the GDPR?
The General Data Protection Regulation (GDPR) in article 37.2 mentions the possibility of appointing a Data Protection Officer (DPO) for a business group, provided that the DPO is accessible from each establishment. This article has led to the conclusion that by appointing a DPO for the group the obligation is met. However, it is relevant […]
The Marketing Guide to the GDPR- Video Series
We are proud to present the first chapter of 4 whiteboard videos that focus on the most common issues faced by Marketing Departments regarding GDPR obligations. “The Marketing Guide to the GDPR” contains relatable and comprehensible examples that allow for the viewer to grasp a very broad overview of the impact of personal data in […]
New Rules for the Protection of Whistleblowers
You’ll find a german version here. The Council of Europe announced through a press release on the 7th of October 2019 that it had formally adopted new rules for the protection of whistle-blowers. With the adoption of the “Whistle-blower Directive” across the EU, European private and public organisations have an obligation to make available safe […]
La Agencia Española de Protección de Datos (AEPD) multa a VUELING con 30.000 euros
La AEPD ha multado a VUELING AIRLINES S.L. con 30.000 euros[1] por no haber obtenido el consentimiento adecuado para el uso de cookies en su página web. Con el fin de proporcionar a los interesados la información requerida a efectos de transparencia de conformidad con el artículo 13 del RGPD, la empresa proporciono la información […]
The Spanish DPA fines VUELING with 30.000 EURO
The Spanish data protection authority fined VUELING AIRLINES S.L. with 30.000 Euro[1] for failing to collect appropriate consent for the use of cookies on their website. In order to provide data subjects with the required information for transparency purposes under article 13 GDPR, the company implemented a 2-layer approach: In the first layer, the wording […]
Forum shopping between data protection authorities?
The data protection authority (DPA) of the German federal state of Hamburg recently opened administrative proceedings against Google. It relates to Google’s “Google Assistant” System, the natural language assistant behind the “Google Home” speaker, and transcripts from it. The Belgian public broadcaster VRT NWS recently revealed that recordings from “Google Assistant” were systematically listened to […]
Processing Personal Data in the Context of the Clinical Trial Regulation (CTR), and the General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) has provided a clear guidance on the legal basis for processing personal data when conducting clinical trials. Although the opinion refers specifically to the interaction between the GDPR and the Clinical Trial Regulation (CTR), in this article we summarize the premises applicable for the processing of personal data in […]
Data Protection in the era of Brexit
One of the most controversial matters to be addressed within the context of Brexit, has created uncertainty in the data protection realm. Although United Kingdom is leaving the European Union, there seems to be a general consensus to maintain constant data flows between the UK and the EU. On August 24 2017, the UK government […]
What do They Know, and How are You Being Tracked Online?
We have heard on how companies are tracking our data, and we have a vague idea on where and when our personal data is being gathered. However, corporate surveillance has been in constant development providing more information about a person than ever before. As an internet user, how much do you know about your personal […]
Data protection impact assesment (DPIA)
The most recent document provided by the Article 29 Working Party (29 WP) provides guidelines for further comprehension on when and how to conduct a DPIA. The main goal of a DPIA is to: “describe the processing, assess the necessity and proportionality of a processing and to help manage the risks to the rights and […]