This Week in Privacy: 5 July 2021
July 05, 2021
EU: Commission adopts positive UK adequacy decisions
The European Commission announced that it had adopted two adequacy decisions for the UK, one in relation to the GDPR and one in relation to the Law Enforcement Directive.
The Commission highlighted that the UK's data protection system continues to be based on the same rules that were applicable when the UK was a Member State of the EU, and the UK has fully incorporated the principles, rights, and obligations of the GDPR and the Directive into its post-Brexit legal system. The Commission noted that both adequacy decisions include strong safeguards in case of future divergence, including a sunset clause, which limits the duration of adequacy to four years. Further to this, the Commission emphasised that it continues to monitor the legal situation in the UK and could intervene at any point if the UK deviates from the level of protection currently in place.
South Africa: Regulator enforcement powers under POPIA come into effect
In South Africa, the deadline for organisations to comply with the Protection of Personal Information Act passed on 1 July.
The Information Regulator also announced that its enforcement powers under POPIA had entered into effect from this date, following the conclusion of the 12-month transition period. Moreover, the Regulator released a guidance note on the processing of personal information of children under Section 35 of POPIA and a guidance note on the processing of special personal information under Sections 26 and 27 of POPIA.
You can find out more about OneTrust solutions for POPIA compliance by visiting www.onetrust.com.
USA: NIST white paper defines critical software, as required by Presidential Cybersecurity Executive Order
In the US, the National Institute of Standards and Technology released a white paper defining 'critical software', as required by the Presidential Executive Order on Enhancing the Nation's Cybersecurity.
The Executive Order also requires the Cybersecurity & Infrastructure Security Agency to use this published definition to develop a list of software categories and products that are in scope for that definition and thus subject to the further requirements of the Executive Order.
The white paper introduces the concept of a phased approach for the implementation of the Executive Order's requirements, and provides answers to frequently asked questions that may arise regarding interpretation.