France’s data protection authority (CNIL) has launched consultations on a Transfer Impact Assessment draft guide, Denmark's DPA (Datatilsynet) has advised on data breach scenarios, Austrian DPA (DSB) has published a FAQ on cookies and data protection.

CNIL has published a draft guide for conducting Transfer Impact Assessments (TIA) for data transfers outside the European Economic Area. According to the official press-release, the guide “constitutes a methodology, a checklist, which identifies various elements to be considered when carrying out a TIA. It gives indications on how the analysis can be carried out by following the six steps set out in EDPB’s recommendations, and points to the relevant documentation. It does not constitute an evaluation of the laws and practices in the third country and risks related thereto.

This guide is organised in six different steps to be followed to carry out a TIA:

Know your transfer
Document the transfer tool used
Evaluate the legislation and practices in the country of destination of the data and the effectiveness of the transfer tool
Identify and adopt supplementary measures
Implement the supplementary measures and the necessary procedural steps
Re-evaluate at appropriate interval the level of data protection and monitor potential developments that may affect it”

The draft consultation period closes 12 Feb. Click here for more details.

***

The Danish Data Protection Authority (Datatilsynet) has analysed 10 typical data breaches and published a guidance with concrete proposals on how they can be avoided.

According to the official press release, “The guidance is particularly targeted at employees who have the opportunity to influence the organisation’s rules, procedures, training and other awareness activities and technical setups in IT environments in order to thereby protect the organisation against these typical breaches of personal data security. Anyone who often works digitally with personal data can, however, benefit from a focus on the described scenarios, as these types of breaches account for a very considerable proportion of the breaches that are reported to the Danish Data Protection Authority each week”.

Click here for more details.

***

Austrian DPA (DSB) has published a FAQ on cookies and data protection. It covers 14 questions altogether, including “What do you basically mean by cookies?”, “Are cookies personal data?”, What is a cookie banner and do I need a cookie banner for my website?”, How must a cookie banner be designed so that effective consent is given?”, etc.

Click here for more details.

France’s data protection authority (CNIL) has launched consultations on a Transfer Impact Assessment draft guide, Denmark’s DPA (Datatilsynet) has advised on data breach scenarios, Austrian DPA (DSB) has published a FAQ on cookies and data protection.

France’s data protection authority (CNIL) has launched consultations on a Transfer Impact Assessment draft guide, Denmark’s DPA (Datatilsynet) has advised on data breach scenarios, Austrian DPA (DSB) has published a FAQ on cookies and data protection.

Related blog posts

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.

DP News – Week 15. Norwegian DPA imposed a 20 million NOK fine, Denmark’s DPA updated data transfer guidance for third countries, France’s DPA fined retail chain for unsolicited marketing.