Data Protection Leader | July 2020
Data Protection Leader is the bimonthly publication from OneTrust DataGuidance featuring a range of editorials, insights, interviews, and news from leading industry experts and the OneTrust DataGuidance in-house analyst team.
The July 2020 issue features articles on the EDPB's draft guidelines on Privacy by Design and by Default, from Odia Kagan of Fox Rothschild LLP as well as insight on Zimbabwe’s Cybersecurity and Data Protection Bill from Nobert M. Phiri and Tanatswa S. Mataranyika of Muvingi & Mugadza Legal Practitioners.
There are also in-depth interviews with Dr. Dieter Kugelmann, Commissioner at the Rhineland-Palatinate Data Protection Authority, and Pierre Faller, Data Protection Officer at Christian Dior, looking at recent amendments to German federal law and managing internal privacy policies and notices respectively.
As always, Eduardo Usturan of Hogan Lovells provides us with an editorial this time looking at the CJEU judgement on Schrems II and the impact it will have.
“International data transfers are not the result of tech companies' business plans. They are the result of a technological evolution that has sought to meet our human demands. As progress was driven by our digital capabilities, international data transfers became essential for the modern world. That was true yesterday and remains true today, irrespective of the legal nuances that we now face.”
Odia Kagan examines the EDPB's draft guidelines on Privacy by Design and by Default and how they can best be implemented within organisations.
“Article 25 of the GDPR does not oblige controllers to implement any prescribed technical and organisational measures or safeguards, as long as the chosen measures and safeguards are in fact appropriate at implementing data protection into the processing.”
Nobert M. Phiri and Tanatswa S. Mataranyika of Muvingi & Mugadza Legal Practitioners provide an overview of the Cybersecurity and Data Protection Bill in Zimbabwe and how it may affect businesses in their approach to data protection and cybersecurity.
“Zimbabwean businesses have increasingly evolved to e-commerce. Such a shift has had an impact on how personal data is processed, stored, and transferred, triggering concern as to whether contracting parties, particularly the consumers, are adequately protected in the cyber- environment. The Bill should thus deal with principles on data privacy such as collection limitation, use limitation, and security safeguards.”
As part of the Regulator Spotlight series, we met with Dr. Dieter Kugelmann. Dr. Kugelmann discusses his thoughts on recent amendments to German federal law and trends that the authority has noted regarding compliance activities, especially with respect to Articles 12, 13 and 14 of the GDPR.
“Article 12, 13, and 14 are, in my view, the most complicated and most challenging of all of the GDPR because they have a lot of processes, and we have seen that enterprises which are bigger can cope with it, but small and medium enterprises really have problems.”
We also met with Pierre Faller, Data Protection Officer at Christian Dior. Pierre gave his recommendations for managing internal privacy policies and notices as well as giving his opinion on data protection related case law.
“The main trend that I've seen growing over the last couple of months has been the link between data protection laws and consumer laws, meaning that you are no longer really dealing with only the data subjects, you are also dealing with the clients, and the clients have certain rights, and businesses have certain obligations under consumer rules.”