Does your business collect personal information from residents in California? Does it monitor user activity on its website? If so, there is a good chance it will need to comply with the California Consumer Privacy Act (“CCPA”), which takes effect January 1, 2020.

Following the European Union’s implementation of GDPR, California adopted the CCPA, which

While we have yet to see much in the way of major changes (or punishment) following the massive Equifax data breach last year, there are many changes being introduced at the state level with regard to breach notification, penalties, whether or not credit reporting agencies can charge you for freezing your credit, and consumer rights

See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017.

  • Are you a contractor within the meaning of European Regulation on data protection?
  • Are you subject to EU regulation on data protection?
  • What is the main change introduced by the European regulation for contractors?
  • What are your obligations as of

The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

CNIL created a PIA Infography to outline the main principles. Keep

The Article 29 Working Party published two Guidelines related to GDPR:

Guidelines on Personal data breach notification under Regulation 2016/679, wp250

Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251

The Guidelines are open for comments until November, 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.