Under the European general data protection regulation (GDPR), both controllers and processors of personal data must maintain a record of their processing activities unless they are exempted (article 30 of the GDPR). However, the information to be provided in such
Data Protection Impact Assessment (DPIA)
Under the new european general data protection regulation (GDPR), controllers no longer have to notify the Data Protection Authorities of their data processing activities. Instead, they must keep a record of their processing activities (see here for more details about
CJEU: Combating Crime Does Not Justify General Retention and Unrestricted Access to Location and Traffic Data
In its decision of December 21, 2016 (Joined Cases C-203/15 and C-698/15) the Court of Justice of the European Union (CJEU) ruled that national legislation may not provide for general and indiscriminate retention of all traffic and location data of