Support Centre


Design, optimise and maintain today

Monitor regulatory developments, mitigate risk and achieve global compliance with the full OneTrust DataGuidance platform

Privacy Today

OneTrust DataGuidance confirmed, on 19 February 2020, with Lebogang Stroom-Nzama, Member of the Information Regulator ('the Regulator'), that the Regulator asked the President of South Africa ('the President') to promulgate the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') before April 2020.

The Office of the Privacy Commissioner for Personal Data ('PCPD') announced, on 19 February 2020, its response to the data breach incident resulting from a suspected theft of mobile phones of the Office of the Government Chief Information Officer ('OGCIO').

The Information Commissioner's Office ('ICO') launched, on 19 February 2020, a consultation ('the Consultation') on its draft guidance ('the Draft Guidance') on the artificial intelligence ('AI') auditing framework for organisations.

The Federal Communications Commission's ('FCC') Enforcement Bureau ('the Bureau') issued, 18 February, an enforcement advisory ('the Advisory') and frequently asked questions ('the FAQs') reminding telecommunication carriers and interconnected Voice over Internet Protocol ('VoIP') providers of their obligation to file their annual certification

The Russian State Parliament ('Duma') announced, on 19 February 2020, that Bill No.

The Office for Personal Data Protection ('UOOU') issued, on 19 February 2020, a statement ('the Statement') on consultations on the draft amendment of the Electronic Communications Act ('the Act'), the Criminal Code ('the Code') and the bill on services for video-sharing platforms ('the Bill').

House Bill ('HB') 1221 for the Act Relative to Privacy for an Employee's Personal Financial and Credit Information ('the Bill') was introduced, on 8 January 2020, to the New Hampshire House of Representatives.

The African Union ('AU') released, on 8 February 2020, its first continental report ('the Report') on the implementation of Agenda 2063, which aims at sustainable development and economic growth of the continent.

The Federal Service for the Supervision of Communications, Information Technology and Mass Communications ('Roskomnadzor') announced, on 20 February 2020, that it had restricted access to the email service.

The U.S. Court of Appeals for the Seventh Circuit ('the Court of Appeals') issued, on 19 February 2020, its decision ('the Decision') in Gadelhak v.

The Information Commissioner ('the Commissioner') published, on 19 February 2020, an infographic on data breach notification ('the Infographic') under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

The Reporting and Analysis Centre for Information Assurance ('MELANI') reported, on 19 February 2020, that it has dealt with more than a dozen ransomware attacks on small and medium enterprises ('SMEs') and larger companies.

The Data Protection Commission ('DPC') published, on 20 February 2020, its 2019 annual report ('the Report'). In particular, the Report highlights that the DPC had received 7,215 complaints in 2019 representing a 75% increase over the total number of complaints received in 2018.

Health Share of Oregon notified, on 5 February 2020, the U.S. Department of Health & Human Services' Office for Civil Rights ('OCR'), of a data breach affecting 654,362 of Health Share's members, which the OCR is now investigating.

The Italian data protection authority ('Garante') announced, on 18 February 2020, that it had published in its monthly newsletter ('the Newsletter') a decision ('the Decision') fining the Azienda Ospedaliero Universitaria Integrata di Verona €30,000 for violating Article 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679

The National Institute for Transparency, Access to Information and Personal Data Protection ('INAI') released, on 17 February 2020, a statement detailing that the Federal Commission for Protection against Health Risks ('COFEPRIS') is under an obligation to provide information on its compliance with the Health Verification Act 19-MF-3309-01748-MO

The Dutch data protection authority ('AP') announced, on 14 February 2020, that it had suspended its fine on Onderlinge Waarborgmaatschappij Centrale Zorgverzekeraars groep ('CZ'), a health insurer, pending corrective action, following an investigation which ruled that CZ's approach to authorisation applications violated the Act Implementing the

The Ministry of Health and Welfare ('MOHW') issued, on 11 February 2020, Draft Implementation Measures of the Hospital Personal Data Archives Security Maintenance Plan ('the Draft Measures'), and is requesting comments on the same.

The Polish data protection authority ('UODO') released, on 10 February 2020, a statement ('the Statement') on whether a person issuing an e-prescription can provide the patient with a four-digit access code over the phone, where the printout form is lost.

The European Union Agency for Cybersecurity ('ENISA') launched, on 12 February 2020, a call for expression of interest with the aim to invite experts to join the eHealth security experts group.

The State Bank of Pakistan ('SBP') issued, on 18 February 2020, details of its significant enforcement decisions for January 2020 ('the Decision'). In particular, the SBP fined Habib Bank Ltd PKR 12.8 million (approx. €77,000) for procedural violations in the areas of customer due diligence and Know Your Customer ('CDD/KYC').

The European Securities and Market Authority ('ESMA') published, on 19 February 2020, its report ('the Report') on Trends, Risks, and Vulnerabilities of 2020 focusing on, among other things, risks related to BigTech.

The Council of the European Union ('the Council') announced, on 18 February 2020, that it had adopted amendments in the context of facilitating the detection of tax fraud in cross border e-commerce transactions.

The Government of Spain announced, on 18 February 2020, that the Council of Ministers had approved the draft law on a FinTech sandbox ('the Draft Law').

The Polish data protection authority ('UODO') issued, on 19 February 2020, a statement ('the Statement') condemning the illegal practice of bank employees of selling customer personal data.

The Autoriti Monetari Brunei Darussalam ('AMBD') announced, on 18 February 2020, a call for applications to participate in the AMBD's regulatory sandbox for FinTech products and services.

The Personal Data Protection Agency ('AZLP') published, on 10 February 2020, its decision ('the Decision') upholding a complaint made by an individual against Intesa Sanpaolo Banka d.d. for the processing of their personal data before signing the contract to open a current account, and after having filed a request to close the same account.

The Supreme Council of Kyrgyzstan ('the Parliament') published, on 18 February 2020, proposed amendments to the Electronic Signature and Combating the Financing of Terrorism and Anti-Money Laundering Law ('the Electronic Signature Law') and, on 17 February 2020, proposed amendments to the Criminalisation of Financing of Terrorism and Anti-Money