After one really challenging summer, we were more than ready for autumn and our new/old routine. We’ve been working on our social media content as usual, but we decided to take a few steps further when it comes to our connection with you. Our connection and communication with you is by far the most important one to us, so we’re working hard on making it much more easier and better, so stay tuned for more information about that part.

Of course, like every month, we covered some really interesting topics and various of different news regarding GDPR and EU in global.

Let’s begin from “Are you shredding your papers” story.

So, firstly, you can answer our question – are you? Well, you should and you will after reading this story.

The Danish data protection authority (Datatilsynet) announced on 20 August 2020 that it had itself suffered a personal data breach after finding that some of its paper waste containing confidential and sensitive information about citizens and employees had been disposed of as ordinary paper waste and not shredded. Datatilsynet noted that this material, although stored electronically, had been printed by the Datatilsynet's employees and that such material had been thrown into a container in the belief that this paper waste would be shredded.

Since this represents a clear case of data breach, Datatilsynet itself was obligated to follow all the GDPR rules regarding data breach. Datatilsynet noted that the breach of personal data had been reported in the same (regular) way that all other data controllers use, but that the notification took place almost 24 hours late in relation to the requirement for notification within a maximum of 72 hours.

So, after we learned this lesson, we can continue with the news.

Big thing happened on the 16th of September. The President of the European Commission, Ursula von der Leyen, gave her first speech on the state of the Union in front of the European Parliament. In the 90 minutes long speech, she looked back on a wide range of policy areas and analysed the situation in the Union and the world, as well as announcing future important steps.

The main focus of the speech was on a common way to get out of the crisis.

Also, EU is currently debating whether they should grant GDPR adequacy to the UK. In the two-year review of the EU General Data Protection Regulation (GDPR), the European Commission “cannot predict” whether the UK, now an ex-EU member, will be fit for a data transfer adequacy agreement with the EU.

In line with the Political Declaration on the Future Relationship between the EU and the UK, the Commission is currently carrying out an adequacy assessment under both the GDPR and the Data Protection Law Enforcement Directive.

Adequacy plays an important role in the context of the future relationship with the UK. It constitutes an enabling factor for trade, including digital trade, and an essential prerequisite for a close and ambitious cooperation in the area of law enforcement and security. EU and UK are two closely integrated areas and economies, so a positive adequacy decision could find its ground in more than one area. Let’s highlight the 3 most important ones.

1. DIGITAL ECONOMY - UK has established a strong (one of the leading) positions regarding AI, i.e. startups and research centers regarding AI
2. ADHERENCE TO THE GDPR - UK has already shown its adherence to the GDPR
3. UK INFORMATION COMMISSIONER’S OFFICE - it has been one of Europe’s leading data protection regulators

It was definitely one interesting September and we’re hoping that October will bring some exciting news and stories too.

Stay tuned!

Your AP team