The Article 29 Working Party ("WP29") has recently adopted new General Data Protection Regulation ("GDPR") Guidance, this time focusing on Data Protection Impact Assessments ("DPIAs"). The Guidelines aim to clarify when a DPIA is required and provide criteria for the lists of the kind of processing operations which are subject to the requirement for a DPIA, to be adopted by Data Protection Authorities under Article 35(4) of the GDPR. Although the guidance has been formally “adopted”, the WP29 is welcoming comments from stakeholders until 23 May 2017, so it is possible that elements may be modified in the near future. The guidance is significant as it represents EU data protection authorities’ collective interpretation of this important new compliance requirement. Any comments on the guidelines can be sent to the following addresses: JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr by 23 May 2017. What is a Data Protection Impact Assessment? DPIAs are not a formal requirement … Continue Reading ››
The current data protection landscape in Indonesia Until recently, Indonesia has had a largely patchwork approach to personal data protection. There is not currently a singular comprehensive data protection law or regulation; nor, for example, are there any regulations specifically addressing cookies and location data. Overall, the scattered guidance is found in regulations relating to employees; banks; criminal procedures; human rights; health; financial services; and the more detailed Electronic Information and Transactions Law (Law No. 11 of 2008) ("EIT Law") and its implementing regulations, among others. In 2012, Indonesia passed Government Regulation 82 ("GR82"), implementing various aspects of the EIT Law but with a key focus on ensuring that electronic system operators for "public services" use Indonesia-based data-centres. The scope of "public services" is still somewhat unclear but it has the potential to cover both government organisations and certain public-facing private sector businesses (which may include certain organisations in banking, insurance, health, … Continue Reading ››