From Thailand to Jersey – GDPR’s global effect is evident
Our Asia-Pacific Editor, Graham Greenleaf writes in this issue that the Thai data protection law is the first explicitly “GDPR-based” law yet be enacted in Asia (p.1), and Jersey’s Information Commissioner, Jay Fedorak says that Jersey’s close alignment with the GDPR forms part of a general economic strategy (p.12). It is therefore clear that the GDPR is having a global effect – also in Australia where there are pressures to modernise the law (p.17). In our series of GDPR implementation across EU Member States, we now turn to Portugal. Its law, adopted in June this year has been in force since August. Read an interview about the law with Portuguese DP lawyers on p.14. In Lithuania, a new data protection law was adopted in June 2018, and the regulator has now issued the first significant fine. There are some national specifics that are different from the GDPR such as the provisions regarding the processing of national identity numbers (p.9).
Meanwhile, organisations need to get on with training. The STAR project’s ready-made, easy-to-customise training materials, developed for the busy DPO, are now available (p.20). The STAR training materials are based upon research into existing GDPR training practices and should therefore be relevant and very useful.
We also return to the issue of recent cookie guidance from France’s regulator (p.1). Things are moving fast in this area – the Internet Advertising Bureau Europe has released the second version of its consent and transparency framework, and Google has said it expects to join by the end of next March.
We are also pleased to bring you the winning competition essays from PL&B’s Student Essay Competition this summer. These two winning entries discuss consent, legitimate interest and joint controllership in AdTech (p.24), and the market and legal challenges in convincing companies that GDPR-compliance is a competitive advantage (p.28).
Editor, Privacy Laws & Business