Support Centre


Essential regulatory information to power your privacy and security programs.

Leverage the OneTrust DataGuidance platform to access in-depth research, information, insight and perspectives on the world’s evolving list of global privacy regulations.

Privacy Today

OneTrust DataGuidance confirmed, on 21 May 2020, with Grace Lindo, Partner at Nunes, Scholefield, DeLeon & Co., that the House of Representatives of Jamaica, had passed, on 19 May 2020, a bill for the Data Protection Act, 2020 ('the Bill').

The Gelderland Court ('the Court') issued, on 13 May 2020, its judgment on minors' photographs on social media under the General Data Protection Regulation (Regulation (EU) 2016/679).

The Media Institute of Southern Africa Zimbabwe ('MISA Zimbabwe') published, on 19 May 2020, its commentary ('the Commentary') on the gazetted Cybersecurity and Data Protection Bill ('the Bill').

he National Information Technology Authority ('NITA-U') published, on 19 May 2020, a privacy policy ('the Privacy Policy') for the COVID-19 ('Coronavirus') tracing app developed by the Ministry of Health and NITA-U.

The Office of the Commissioner for Personal Data Protection ('the Commissioner') issued, on 20 May 2020, guidelines ('the Guidelines') for higher education institutions on distance learning and student assessment in the context of the COVID-19 ('Coronavirus') pandemic.

The Political Institutions Commission of the Council of States ('the Commission') announced, on 19 May 2020, that, after the second reading of the draft law revising the Federal Act on Data Protection 1992, a compromise solution on profiling was adopted.

The Information Commissioner's Office published, on 19 May 2020, in collaboration with the Alan Turing Institute, guidance ('the Guidance') for organisations on the processes, services, and decisions delivered or assisted by artificial intelligence ('AI') to affected individuals.

The Office of the Data Protection Ombudsman ('the Ombudsman') announced, on 20 May 2020, that the Deputy Data Protection Ombudsman ('the Deputy Ombudsman') had initiated an investigation into PINS Finland Oy’s loyalty program.

The National Centre for the Protection of Personal Data ('NCPDP') issued, on 20 May 2020, a statement regarding the compliance of the Customs Service of the Republic of Moldova.

The Ministry of Justice and Security ('the Ministry') opened, on 20 May 2020, a public consultation on the Data Protection Collective Act ('the Act'), including amendments to the Act Implementing the General Data Protection Regulation (Regulation (EU) 2016/679)('GDPR') and other laws, such as the Whistleblowers Authority Act, in order to update

The Norwegian data protection authority ('Datatilsynet') announced, on 20 May 2020, that it has notified the Bergen Municipality of its intention to issue a fine of NOK 3 million (approx. €275,000) for inadequately securing personal information in the context of the school's communication system between homes and the school.

The Dutch data protection authority ('AP') announced, on 20 May 2020, its assessment of the Cabinet's proposal to amend the Telecommunications Act to allow for the sharing of telecommunications data to combat the COVID-19 ('Coronavirus') pandemic.

The National Cyber Security Centre ('NCSC') published, on 20 May 2020, guidance ('the Guidance') to help small and medium enterprises ('SMEs') move their business online, as a result of adjusting their ways of working during the COVID-19 ('Coronavirus') pandemic.

The Icelandic data protection authority ('Persónuvernd') announced, on 19 May 2020, that it had issued, on 18 May 2020, an opinion ('the Opinion') on the requirement of the Directorate of Health that self-employed medical practitioners transmit information about their patients for their registration.

The Healthcare and Public Health Sector Coordinating Council ('HSCC') and the Health Information Sharing and Analysis Center ('H-ISAC') released, on 18 May 2020, guidance ('the Guidance') for healthcare entities on ways to manage their cybersecurity tactical crisis response during an emergency, such as the COVID-19 ('Coronavirus') pandemic.

The Federal Ministry of Health ('BMG') announced, on 14 May 2020, that the German Parliament ('Bundestag') had adopted the Second Law for the Protection of the Population during an Epidemic of National Importance ('the Law'). In particular, the Law provides that laboratories must now also notify negative test results and potential areas of infec

The Court of Appeals of Indiana ('the Court of Appeals') issued, on 15 May 2020, its decision ('the Decision') in Haley SoderVick v.

The Joint Human Rights Committee ('the Committee') announced, on 15 May 2020, that it had drafted a bill ('the Draft Bill') to protect the personal privacy of data gathered by the COVID-19 ('Coronavirus') contact tracing app ('the App').

The Healthcare and Public Health Sector Coordinating Council ('HSCC') announced, on 14 May 2020, that it had released its cybersecurity guidance, the Health Industry Cybersecurity Protection of Innovation Capital ('the Guidance'), and is requesting comments on the same.

Bill No. 13497-07 that Reinforces the Protection of Sensitive Health Data During Health Quarantine or a State of Emergency from a Catastrophe Declared by the Authority ('the Bill') was submitted, on 13 May 2020, to the Senate.

The Portuguese data protection authority ('CNPD') issued, on 12 May 2020, its response ('the Response') to parliamentary questions regarding its guidelines on measuring workers' temperature ('the Guid

The Gibraltar Financial Services Commission ('GFSC') published, on 19 May 2020, a statement ('the Statement') on the supervision of anti-money laundering and combatting the financing of terrorism ('AML/CFT') during the COVID-19 ('Coronavirus') crisis.

The Ministry of Finance ('the Ministry') announced, on 21 May 2020, the development of a regulatory framework for financial monitoring.

The Commodity Futures Trading Commission announced, on 20 May 2020, that the Division of Enforcement ('the Division') had issued new guidance outlining the factors it considers in recommending civil monetary penalties and incorporated it into the Division's enforcement manual ('the Enforcement Manual').

The Ministry of Digital Development, Telecommunications and Mass Media of the Russian Federation ('Minsvyaz') announced, on 20 May 2020, that it had launched a service for digital interaction between citizens and banks through the Unified Portal of Public Services.

The Reserve Bank of India ('RBI') published, on 19 May 2020, a statement announcing that it was extending its Know Your Customer Direction, 2016 ('the KYC Direction') to housing finance companies.

The Federal Trade Commission ('FTC') announced, on 19 May 2020, that it had reached a $40.2 million settlement with First Data Merchant Services, LLC whom the FTC charged ('the Complaint') with knowingly processing payments and laundering or assisting in the laundering of credit card transactions for scams targeting consumers.

The Financial Crimes Enforcement Network ('FinCEN') issued, on 18 May 2020, a notice ('the Notice') in relation to the COVID-19 ('Coronavirus') pandemic and financial institutions' reporting obligations under the Bank Secrecy Act 1970 ('BSA').