Support Centre

Dashboard

Essential regulatory information to power your privacy and security programs.

Leverage the OneTrust DataGuidance platform to access in-depth research, information, insight and perspectives on the world’s evolving list of global privacy regulations.

Privacy Today

The Data Protection Commission ('DPC') issued, on 22 May 2020, a statement ('the Statement') on its inquiries into 'big tech' companies.

The Office of the Data Protection Ombudsman ('the Ombudsman') announced, on 22 May 2020, that the Deputy Data Protection Ombudsman ('the Deputy Ombudsman'), had issued a decision ('the Decision') in which it fined Kymen Vesi Oy €16,000 for failing to undertake a Data Protection Impact Assessment ('DPIA') .

The Office of the Data Protection Ombudsman ('the Ombudsman') announced, on 22 May 2020, that the Deputy Data Protection Ombudsman ('the Deputy Ombudsman'), had issued a decision ('the Decision') in which it fined a company €12,500 for the collection of personal data without a valid legal basis.

The Data Protection Inspectorate ('DPI') published, on 18 May 2020, its annual report ('the Report') for 2019. In particular, the Report outlines, among other things, that it had given its opinion on nine pieces of draft legislation, received 2,343 requests for clarification or information, issued 13 warnings and five fines.

The Berlin data protection authority ('the Berlin Commissioner') published, on 25 May 2020, its updated publications on videoconferencing, as well as a statement ('the Statement') on the same.

The French data protection authority ('CNIL') published, on 26 May 2020, its opinion ('the Opinion') on the draft decree regarding the conditions for the implementation of the StopCovid app ('the Draft Decree'), following its previous

The Office of the Privacy Commissioner for Personal Data ('PCPD') announced, on 25 May 2020, that the West Kowloon Magistrates' Courts had fined Hong Kong Broadband Network Limited a total of HKD 12,000 (approx. €1,410) for six charges of direct marketing violations under the Personal Data (Privacy) Ordinance 1997 as amended in 2013 ('the Ordina

The Polish data protection authority ('UODO') issued, on 21 May 2020, a statement ('the Statement') on the outcome of a webinar ('the Webinar') which took place on 20 May 2020, relating to remote working and data protection.

The Catalan Data Protection Authority ('APDCAT') published, on 21 May 2020, its opinion ('the Opinion') on the control of temperature of employees during the COVID-19 ('Coronavirus') emergency.

The Information Commissioner ('the Commissioner') issued, on 22 May 2020, guidance ('the Guidance') on employers checking staff for COVID-19 ('Coronavirus') symptoms.

The European Parliament announced, on 20 May 2020, that the European Parliamentary Research Service ('EPRS') had issued a briefing ('the Briefing') on EU data protection policy. In particular, the Briefing summarises the European data protection framework and its social, legal, and political importance.

The Jersey Office of the Information Commissioner ('JOIC') issued, on 22 May 2020, a statement ('the Statement') outlining key privacy considerations for employers when returning to work, during the COVID-19 ('Coronavirus') response.

The Office of the Australian Information Commissioner ('OAIC') released, on 21 May 2020, its submission ('the Submission') to the Department of Treasury ('the Treasury') on the Issues Paper for the Inquiry into Future Directions for the Consumer Data Right ('CDR').

The Polish data protection authority issued, on 25 May 2020, a statement ('the Statement') on the exemption of employees to fulfil their information obligation under Article 14 of the General Data Protection Regulation (EU) 2016/679) ('GDPR'), when employees report their family members for health insurance purposes.

The Cyberspace Administration of China ('CAC') released, on 24 May 2020, the National Health Commission's ('NHC') notice ('the Notice') on the construction of smart hospitals, as well as the improvement of appointment diagnosis and treatment system.

The Icelandic data protection authority ('Persónuvernd') announced, on 19 May 2020, that it had issued, on 18 May 2020, an opinion ('the Opinion') on the requirement of the Directorate of Health that self-employed medical practitioners transmit information about their patients for their registration.

The Healthcare and Public Health Sector Coordinating Council ('HSCC') and the Health Information Sharing and Analysis Center ('H-ISAC') released, on 18 May 2020, guidance ('the Guidance') for healthcare entities on ways to manage their cybersecurity tactical crisis response during an emergency, such as the COVID-19 ('Coronavirus') pandemic.

The Federal Ministry of Health ('BMG') announced, on 14 May 2020, that the German Parliament ('Bundestag') had adopted the Second Law for the Protection of the Population during an Epidemic of National Importance ('the Law'). In particular, the Law provides that laboratories must now also notify negative test results and potential areas of infec

The Court of Appeals of Indiana ('the Court of Appeals') issued, on 15 May 2020, its decision ('the Decision') in Haley SoderVick v.

The Joint Human Rights Committee ('the Committee') announced, on 15 May 2020, that it had drafted a bill ('the Draft Bill') to protect the personal privacy of data gathered by the COVID-19 ('Coronavirus') contact tracing app ('the App').

The Healthcare and Public Health Sector Coordinating Council ('HSCC') announced, on 14 May 2020, that it had released its cybersecurity guidance, the Health Industry Cybersecurity Protection of Innovation Capital ('the Guidance'), and is requesting comments on the same.

The Australian Competition and Consumer Commission ('ACCC') launched, on 26 May 2020, the Consumer Data Right Register and Accreditation Application Platform ('RAAP') and published guidelines on the same ('the Guidelines').

Insurance Europe announced, on 25 May 2020, that it had issued an insight briefing ('the Briefing') on the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') two-year anniversary.

The Parliament of the Republic of Moldova announced, on 21 May 2020, that it had approved the draft law on the procedure for detecting violations in the field of anti-money laundering and counter-terrorism financing ('the AML/CFT Law') in the final reading. In particular, the AML/CFT Law aims to ensure the security of the state, the protection o

The Gibraltar Financial Services Commission ('GFSC') published, on 19 May 2020, a statement ('the Statement') on the supervision of anti-money laundering and combatting the financing of terrorism ('AML/CFT') during the COVID-19 ('Coronavirus') crisis.

The Ministry of Finance ('the Ministry') announced, on 21 May 2020, the development of a regulatory framework for financial monitoring.

The Commodity Futures Trading Commission announced, on 20 May 2020, that the Division of Enforcement ('the Division') had issued new guidance outlining the factors it considers in recommending civil monetary penalties and incorporated it into the Division's enforcement manual ('the Enforcement Manual').

The Ministry of Digital Development, Telecommunications and Mass Media of the Russian Federation ('Minsvyaz') announced, on 20 May 2020, that it had launched a service for digital interaction between citizens and banks through the Unified Portal of Public Services.

The Reserve Bank of India ('RBI') published, on 19 May 2020, a statement announcing that it was extending its Know Your Customer Direction, 2016 ('the KYC Direction') to housing finance companies.