Tag: data protection
12. September 2018
On September 5 2018, the new data protection law (“Law of 30 July”) was published in the Belgian Official Gazette (“Belgisch Staatsblad”) and entered into force with this publication.
After the “Law of 3 December 2017”, which replaced the Belgian Privacy Commission with the Belgian Data Protection Authority (“Gegevensbeschermingsautoriteit”), the Law of 30 July is the second law that implements the General Data Protection Regulation (GDPR).
The laws regulate various essential areas of data protection. New regulations are for instance, the reducing of the age of consent from 16 (as regulated in GDPR) to 13 years old for information society services or the requirement to list persons who have access to genetic, biometric and health-related data. Therewith, Belgium has also made use of the possibility to deviate from the GDPR in different scopes.
With the law of 30 July, Belgium has thus completed the incorporation of the GDPR into national law. The Law is available in French and Dutch.
5. September 2018
From September 2019, there will be stricter rules for the protection of personal data in Singapore hence the collection, use and disclosure of NRIC numbers of individuals and making copies of their NRIC cards will be illegal for organisations.
In the past years, it was not unusual for shopping malls and other places to collect the NRIC number of a customer for instance when registering for memberships.
From the unique section of numbers and letters of the Singapore National Registration Identification Card (“NRIC”) an individual can be precisely identified. Therefore, the NRIC number is considered personal data. Besides the number, the physical NRIC card contains the individual’s full name, photograph, thumbprint and residential address.
Apart from the prohibition of collecting, using and disclosing of NRIC numbers it will also be generally forbidden to collect, use or disclose individual’s birth certificate numbers, foreign identification numbers and work permit numbers. Exemptions are regulated in the new PDPC guidance (issued 31 August 2018) and will only apply where it is required by law or when it is necessary to verify an individual’s identity ”to a high degree of fidelity” (e.g. transactions involving healthcare).
If an organisation already collected those data they should proof whether they need to retain the numbers or not. In case they need to keep the data they have to ensure that there is adequate protection or they should anonymise the NRIC. The new regulation does not apply to the government or public agencies or organisations acting on its behalf, but organisations can be fined up to $ 1 million for disobeying the act.
3. September 2018
The data protection authority in turkey has announced in his decision 2018/88 starting dates to register as a data controller on VERBIS prior to processing personal data, the online registration system VERBIS can be found on the homepage of the Turkish data protection authority.
Earliest starting date for the registration process will be the 1st of October 2018.
Following start dates have been announced
a) 1st of October 2018 – 30th of September 2019, for data controllers that employ more than 50 employees and whose annual financial statement exceeds TRY 25 million
b) 1st of October 2018 – 30th of September 2019, for data controllers established outside of Turkey
c) 1st of January 2019 – 31st of March2019, for data controllers that employ less than 50 employees, whose financial statement does not exceed TRY 25 million, but whose core business includes the processing of sensitive data
d) 1st of April – 30th June, for public institutions and organizations that act as data controllers
Data controllers should take the necessary action and register with VERBIS during the applicable period.
4. April 2017
After the Brexit, keeping data by the UK companies and organizations is expected to become more certain locally than globally.
Elizabeth Denham, the UK’s Information Commissioner, recently commented before the House of Lords EU Home Affairs Sub-Committee, that the UK should apply to the European Commission for a full “adequacy” decision in terms of proving the adequate data protection measures as UK will become soon a non-EU country.
British government comments on the free trade deal with these words: “no deal for the UK is better than a bad deal for the UK”.
In the context of Brexit, it is crucial for the industry of the UK to keep the data-flows unhindered though.
British politician David Davis indicates that the UK and EU are now on their way to find and maintain equivalence (and not identity) in their relations (especially when it comes to business) in order to keep up their common interest.
Even though Davis is not using the “adequacy” term in his speech, this is what the UK technology industry is asking for.
Government assures that if no accord in that matter will be reached, there are still many alternatives to adequacy.
Pages: Prev 1 2 3 4 5 6 7 8 9 
