Weekly Newsletter: 8 March – 12 March 2021
GDPR EU Representative

March 15, 2021

A Temporary Solution for Data Protection and Digital Trade

[#Brexit #Tradecooperationagreement #NonEUcompanies]

“Brexit has raised many questions regarding the future of data protection and digital trade. Whilst the UK’s incorporation of the General Data Protection Regulation (GDPR) into domestic law in January 2020 eased some uncertainty, questions remained open, in particular the status of data transfers from the European Economic Area (EEA) to the UK.

Given the importance of digital trade to the economic future of both the EU and the UK, it was crucial that the Trade and Cooperation Agreement (TCA), signed on December 24, 2020, would facilitate frictionless digital trade post-Brexit. […] Takeaways […]

Organisations should be aware that the TCA does not change their obligations to (1) appoint a representative in the EU or UK, if they do not have a company established in either jurisdiction; and (2) update their privacy notices to reflect the reality of current data transfers.”

To read more: Click here.

Information rights after the end of the transition period – Frequently asked questions 

[#Brexit #ICO #UKRepresentative] UK data protection after Brexit: have a look at the ICO’s very useful list of Frequently Asked Questions!

For example: “What is the Frozen GDPR and when does it apply?

The term ‘Frozen GDPR’ is not an official title […] However, we think it’s a useful label to help you understand this part of the data protection regime. The Frozen GDPR is the EU GDPR almost exactly as it existed on 31 December 2020. […]

When the UK left the EU, the UK government agreed that this ‘frozen’ version of the EU GDPR would continue to apply to some types of non-UK personal data. […]

EDPB guidelines continue to be relevant to the Frozen GDPR. From 1 January 2021, the Frozen GDPR may apply in the UK to the processing of personal data of individuals located outside of the UK (whether they’re located in the EU or anywhere else in the world) […] if:

– it was processed in the UK under the EU GDPR before 1 January 2021 (known as legacy data);
– or it’s being processed in the UK on the basis of the Withdrawal Agreement […]”

To read more: Click here

European Banking Authority hit by Microsoft Exchange hack

[#Microsoft #Cybersecurity #Europeanbankauthority] 

“The European Banking Authority’s email servers have been compromised in a global Microsoft Exchange cyber-attack. The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage. […]

Microsoft Exchange servers are widely used for email by major businesses and governments. But few organisations have yet admitted being hit by the attack.

US officials warned at the weekend the attack remained an “active threat”. […]

Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack. But China denies any involvement. […]

For the everyday reader, you’d be forgiven for scrolling past this as “just another cyber-security crisis”. […] But the Microsoft Exchange Hack is itself extremely serious for different reasons. […] Some small government agencies may be affected, but the victims here are a far more diverse pool of organisations from large banks to small businesses.”

To read more: Click here

CEO Says Fire Has Destroyed OVH’s Strasbourg Data Center (SBG2)

[#OVH #Datacenter #Cloudproviders] Major French data center down

“A fire early Wednesday morning destroyed one of OVH’s Strasbourg data centers and part of a second one, the French cloud provider’s CEO, Octave Klaba, wrote in a tweet. […]

“Update 5:20[am]. Everybody is safe. Fire destroyed SBG2. A part of SBG1 is destroyed. Firefighters are protecting SBG3. no impact SBG4.” [Octave Klaba tweet]

[…] Commenting on the CEO’s tweets, a number of OVH customers complained about their applications being down as a result of the fire. Many commenters expressed concern about safety of people at the data center. […]

Among cloud providers that aren’t the big three (AWS, Azure, and Google Cloud), OVH is one of the more popular ones. Most of its 27 data centers are in Europe, with some in North America and Asia Pacific.”

To read more: Click here

Italian government body fined for data breaches while investigating Covid-19 relief scandal

[#ItalyDPA #GDPRFines #INPS #Covidbonus]

“Italy’s social security and pensions agency Istituto Nazionale della Previdenza Sociale (INPS) has been ordered to pay €300,000 for contravening privacy protection laws when investigating politicians claiming state aid during the coronavirus crisis. […]

A public outcry ensued after the La Repubblica newspaper reported last August that the agency’s anti-fraud unit discovered five MPs and 2,000 regional or local politicians had claimed the government’s ‘Covid bonus’ of up to €1,000/month to help VAT-registered self-employed people through the early stages of the pandemic. […] the methods employed by the INPS were subsequently investigated by the Italian Data Protection Authority Garante. […]

[…] the DPA said it found numerous critical issues in the methods used by the agency. Garante concluded INPS had failed to define the criteria for processing data of some applicants of the Covid bonus; used unnecessary information for control purposes; used incorrect or incomplete data; and inadequately assessed the privacy risks.”

To read more: Click here

Industry gauges future of Privacy Shield replacement

[#Privacyshield #SchremsII #Standardcontractualclauses]

“Privacy professionals continue to wait for news on a replacement for the EU-U.S. Privacy Shield after it was struck down by the Court of Justice of the European Union in its “Schrems II” ruling last summer.

Recent reports suggest it may not be anytime soon. European Union Justice Commissioner Didier Reynders said a Privacy Shield replacement is likely years away, citing the challenges in finding a data transfer deal that would protect European citizens’ data from U.S. intelligence agencies. […]

“There are these prompts that are really pressing and unless there’s a fundamental shift in U.S. law, I don’t see a lot of these suggestions really cutting it on the European side,” Schrems said. […]

“Finalizing the Privacy Shield enhancement is a priority of the administration because it not only addresses the Privacy Shield/’Schrems II’ issues, but it will also steady the ground under standard contractual clause transfers. […]””

To read more: Click here