On the 17 of July 2020, the High-Level Expert Group on Artificial Intelligence (AI HLEG) presented their final Assessment List for Trustworthy Artificial Intelligence.
In case you are need for some inspiration in the wake of Schrems II..
Blog article with some commentary
Interesting note on contracts.
Evaluating the level of risk for a personal data processing operation
includes further links to risk assessment methodologies
Interesting report that also points out the wide variety in DPIA formats and sizes.
It also talks about specific passages and questions used.
Additional EDPS guidance:
Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.
- Contact information for Data Protection Authorities around the world
- Number of formal notices notified each year since 2014
- Number and type of sanctions notified each year since 2014
- Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
- List of notifications of personal data breaches received by the CNIL
- List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
- Number of complaints received annually by the CNIL since 1981
DSK: Muster Verarbeitungsverzeichnis Verantwortlicher
Kurzpapier Nr. 1 (Verzeichnis von Verarbeitungstätigkeiten – Art. 30 DS-GVO)
(Privacy register, Privacy registry)
The perils of letting third party trackers use your CNAME / subdomain.
The German Data Protection Authorities are developing a Standard Data Protection Model (SDM), as a guideline for data controllers.
They just published the three first modules – on “Documentation”, “Logging” and “Data deletion”.
So “Data deletion” is obviously a priority to them.