https://github.com/StatesOfJersey/Jersey-COVID-Alert-Documentation
(DPIA example)
Someone’s argument for Data Embassy Principles
EDPS: Strategy for Union institutions, offices, bodies and agencies to comply with the ‘Schrems II’ Ruling
Article: DPA Thüringen: Interessenkollision bei Personalunion: DSB und IT-Sicherheitsbeauftragter
Article: The Italian privacy authority rules on the definition of personal data and the relevance of the DPO’s opinion
(The concept of personal data might be broader than expected and the opinion of the DPO might be useful)
Requesting the opinion of teh DPO led to a lower fine.
EDPB: Guidelines 4/2019 on Article 25 Data Protection by Design and by Default (adopted, Oct 2020)
Article: Do I need to provide my DPIA on request? (in German)
Muss ich meine Datenschutz-Folgenabschätzung (DSFA) auf Anfrage herausgeben?
https://www.datenschutz-guru.de/muss-ich-meine-datenschutz-folgenabschaetzung-dsfa-auf-anfrage-herausgeben/
No – if requested by data subject
Yes – if requested by DPA – it depends, Art 58
(Data protection impact assessment)
Slides (David Vasella): Intra-group data transfer/processing agreements
FTC vs. Facebook – MandatedPrivacy Controls (Summer 2020)
Article: Summary of important change sin new Swiss Data Protection Law (revDSG)
Das neue Schweizer Datenschutzgesetz – Die wichtigsten Neuerungen für Unternehmen”
by Daniela Fábián Masoch