Support Centre


Design, optimise and maintain today

Monitor regulatory developments, mitigate risk and achieve global compliance with the full OneTrust DataGuidance platform

Privacy Today

Bill 1027/2020 Extending the Date of Entry Into Force of Provisions of the General Law on Protection of Personal Data to 16 February 2022, and Bill 1179/2020 Providing for the Emergency and Transitional Legal Regime for Private Law Relations in the Period of the Coronavirus ('COVID-19') Pandemic, were referred, on 1 and 2 April 2020, to the Plen

The Hellenic Data Protection Authority ('HDPA') announced, on 3 April 2020, its decision ('the Decision') on working arrangements in light of Covid-19 ('Coronavirus') measures. In particular, the HDPA highlighted that it will postpone public hearings from 3 April 2020 until 24 April 2020.

The Electronic Privacy Information Center ('EPIC') announced, on 5 April 2020, that it had a sent a letter ('the Letter') to the Federal Trade Commission ('FTC') urging it to investigate the business practices of Zoom Video Communications, Inc. and to issue best practices for online conferencing services.

The Government published, on 3 April 2020, temporary changes to its subject access request ('SAR') guidelines. In particular, the Government highlights that in order to minimise delays, for a temporary period, SARs made by email can now be accompanied by scanned images of ID documents.

The Information Regulator ('the Regulator') published, on 3 April 2020, its Guidance Note ('the Guidance Note') on the Processing of Personal Information in the Management and Containment of the COVID-19 ('Coronavirus') Pandemic in terms of the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA').

The Moroccan data protection authority ('CNDP') issued, on 30 March 2020, its deliberation of 26 March 2020 ('the Deliberation') on the extension of a moratorium on facial recognition until 31 December 2020.

The Ministry of Digital Transformation ('MDT') announced, on 2 April 2020, that it had launched a public services action portal ('the Public Service Portal').

The Office of the Personal Data Protection Inspector ('PDP') submitted, on 1 April 2020, its 2019 activity report ('the Report') to the Parliament of Georgia.

The Data State Inspectorate ('DVI') issued, on 3 April 2020, guidance ('the Guidance’) on phishing activities by telephone, email and SMS.

The Federal Office for Information Security ('BSI') published, on 2 April 2020, a statement detailing that it is currently observing an increase in cyber attacks on companies and citizens, related to COVID-19 ('Coronavirus').

The European Union Agency for Cybersecurity ('ENISA') published, on 2 April 2020, a Roadmap ('the Roadmap') to enhance the cooperation between Computer Security Incident Response Teams ('CSIRTs') and law enforcement agencies ('LEAs'), which includes an analysis of significant issues that are likely to inhibit cooperation.

The Swedish data protection authority ('Datainspektionen') announced, on 2 April 2020, that Standard Contractual Clauses ('SCC') developed by the Danish data protection authority can be used by businesses in Sweden.

The Personal Information Protection Committee ('PPC') released, on 2 April 2020, guidelines ('the Guidelines') and a question and answer ('the Q&A') on the handling of personal information to prevent the spread of COVID-19 ('Coronavirus').

The European Commission ('the Commission') announced, on 3 April 2020, that it had adopted the proposal ('the Proposal') to postpone the application of Regulation (EU) 2017/7457 on Medical Devices, amending Directive 2001/83/EC, Regulation (EC) No. 178/2002 and Regulation (EC) No.

The National Institute for Transparency, Access to Information and Personal Data Protection ('INAI') released, on 2 April 2020, a statement ('the Statement') calling on extreme precautions with the personal data of patients diagnosed with COVID-19 ('Coronavirus').

The Dutch data protection authority ('AP') announced, on 2 April 2020, that it had sent, on 30 March 2020, a letter ('the Letter') to the Minister of Medical Care ('the Minister'), approving doctors to view patient medical files through an electronic exchange system with the written or verbal consent of COVID-19 ('Coronavirus') patients, unless

The Paraguay Minister of Technology and Information and Communication ('MITIC') announced, on 31 March 2020, that it is releasing a web platform whereby individuals who enter the country can register and update their personal and medical data during the COVID-19 ('Coronaviru') pandemic.

The Belgian Data Protection Authority ('the Belgian DPA') addressed, on 31 March 2020, the processing of health data in the context of COVID-19 ('Coronavirus') regarding health apps. In particular, the Belgian DPA outlined key principles which health app providers must follow.

The Federal Ministry of Health ('BMG') announced, on 1 April 2020, in a statement ('the Statement') that the Federal Cabinet has adopted the draft Patient Data Protection Act ('the Draft Act') on the same day.

The Office of the Privacy Commissioner of New Zealand ('OPCNZ') released, on 2 April 2020, a blog post addressing when a district health board ('DHB') should disclose COVID-19 ('Coronavirus') patient information to a social service agency.

The Bank of Korea ('BOK') announced, on 6 April 2020, the introduction of a pilot test for a central bank digital currency ('the Pilot Test'). In particular, the BOK highlighted that the Pilot Test aims to review both the technical and legal requirements needed for implementing a digital currency and sustaining its operation.

The Swiss Financial Market Supervisory Authority ('FINMA') published, on 2 April 2020, its annual report for 2019 ('the Annual Report’) concentrating on its main activities, annual financial statement, and enforcement actions.

The Personal Information Protection Commission ('PPC') announced, on 1 April 2020, that it had updated its question and answer on Personal Information Protection at Financial Institutions ('the Q&A').

The Inter-American Development Bank ('IDB') published, on 4 February 2020, its Transparency and Integrity Sector Framework Document ('the Report').

The Financial Action Task Force ('FATF') President, Xiangmin Liu, issued, on 1 April 2020, a statement ('the Statement') on COVID-19 ('Coronavirus') and measures to combat illicit financing.

The Gambling Commission announced, on 2 April 2020, that it had fined Caesars Entertainment UK Limited, a land-based gambling business, £13 million for anti-money laundering ('AML') and social responsibility failings.

The Minister of Finance, Wopke Hoekstra, sent, on 31 March 2020, a letter ('the Letter') with the Dutch response ('the Response') to the EU consultation on financial services' resilience framework,

The National Bank of Ukraine ('NBU') announced, on 31 March 2020, that it had imposed a fine on joint stock company the State Export-Import Bank of Ukraine for violations of financial monitoring laws.