Guidance from Data Protection Authorities in 2019

In 2019 we've been very busy gathering news about data protection and sending monthly newsletters to all you privacy enthusiasts out there. This December we looked back at all the useful guidelines published by the Data Protection Authorities from EU Member States that made it to our newsletters and we gathered them all under the mistletoe.

So sit back, pour yourself a cup of hot chocolate and skim through all this data protection knowledge:


📒 Guide for prior consultation following DPIA.
📒 DPIA List (original document in French / article in English).


📒 New guidance about posting photos online (article in English).


📒 Updated cookie guidelines, in the aftermath of the Planet49 decision.


📒 DPIA whitelist.
📒 Cookie guidance.
📒 Kit for developers, including guidance on using libraries and third-party SDKs.
📒 Draft standards on the processing of personal data for core HR activities.
📒 Binding regulation on the use of biometric data for the purpose of controlling workplace access to premises, devices and computers.
📒 Guide on interface design and choices (French only).


📒 Bavarian Data Protection Authority answers FAQ on connected vehicles (see here an article in English).
📒 Data Protection Authority of Brandenburg comments on the transfer of group employee data to a third country (article in English).
📒 Bavarian DPA published a new FAQ regarding the requirements for WebFonts, Maps, GoogleAnalytics, Facebook Custom Audience (read here an article in English).
📒 Guidelines on data transfers in asset deals.
📒 Audit checklist for GDPR readiness.
📒 Sample joint controllers agreement.
📒 Conference of Independent Federal and State Data Protection Authorities in Germany (DSK) issued a position paper on data protection requirements regarding the operation of Facebook pages. See here the paper in German and here an article in English.
📒 DSK also published Guidance and FAQ on cookies.
📒 DSK issued guidance on the applicability of the German Telemedia Act, which includes the topic of cookies post-GDPR and a paper on consent for scientific research.
📒 Guidance on data processing in the employment context (available only in German here; see article in English here).


📒 Hungarian DPA: Key GDPR cases.


📒 General Portable Storage Device Recommendations.
📒 Guidance for Organisations on Phishing and Social Engineering Attacks.
📒 Guide to Data Protection Impact Assessments for any processing that is 'likely to result in a high risk to individuals', including some specified types of processing.
📒 DSAR FAQ (Data Subject Access Requests).
📒 Guidance for Organisations Engaging Cloud Service Providers.
📒 Guidance on direct marketing and GDPR requirements.
📒 Guide for users about app permission requests.
📒 Guidance on Requesting Personal Data from Prospective Tenants.
📒 Transfers of personal data to third countries or international organisations.
📒 Guidance on CCTV in the home.
📒 Guidance Note on Data Protection Basics.
📒 Quick Guide to GDPR Breach Notifications.
📒 Definition of the 'right to be forgotten' or the right to erasure as stated in Arts. 17 and 19 of the GDPR.
📒 Guidance on the Use of CCTV – For Data Controllers.
📒 Guidance on Data Sharing in the Public Sector.
📒 Elections and canvassing: Data Protection and Electronic Marketing – the data protection rights of individuals.
📒 Guidance for Drivers on use of "Dash Cams".


📒 FAQ on the topic of access to banking data.
📒 Approval of the 'Code of conduct for credit reporting systems operated by private entities regarding consumer credit, creditworthiness and punctuality in payments'.
📒 Rules on processing personal data in the context of political campaigns.


📒 Severely restricts situations when legitimate interest can be relied on as a legal ground for personal data processing (read here a summary in English).
📒 Further guidance on data breaches.
📒 Indication for the application of pecuniary sanctions under the GDPR (available in Dutch).


📒 New guide on data breaches.


📒 Cookie guidance.


📒 Introduction to the hash function as a personal data pseudonymisation technique.
📒 Guidance on the use of cookies (English version available here).
📒 Opinion on DNS security, data protection, and privacy.
📒 Guide on the protection of personal data of patients.
📒 Guidelines on privacy by design.
📒 Joint Statement On Data Processing And Artificial Intelligence.
📒 Technical paper on transparency for mobile apps (full document here in Spanish).
📒 Report on the first year of GDPR application.
📒 Technical studies regarding the Android Operating System: User control over the personalization of advertisements and App access to the device screen. The studies are aimed at developers and users alike.
📒 Analysis on the data processing operations conducted via drone.
📒 Survey regarding the use of device fingerprinting.
📒 Guide on personal data breach management and notification.

United Kingdom

📒 Guidance on the processing of special categories of personal data.
📒 Modified guidance on calculating the timescales for responding to data subject access requests.
📒 Cookie guidance.
📒 Update report into adtech and real time bidding.
📒 GDPR – one year on.
📒 Information for medical practitioners with regard to patients' access to medical data.
