19 Amendments of Baroness Sarah LUDFORD related to 2011/0011(COD)

Amendment 1926
Proposal for a regulation
Article 30 – paragraph 1
Text proposed by the Commission: 1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of the art and the costs of their implementation.
Amendment: 1. Having regard to the state of technological development and the cost of implementation, the controller must implement appropriate technical and organisational measures to ensure a level of security in relation to the processing personal data that is appropriate to: (a) the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage as mentioned in Article 5(1)(ea), and (b) the nature and scope of the data to be processed.
2013/03/06
Committee: LIBE
Amendment 1931
Proposal for a regulation
Article 30 – paragraph 2
Text proposed by the Commission: 2. The controller and the processor shall, following an evaluation of the risks, take the measures referred to in paragraph 1 to protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorised disclosure, dissemination or access, or alteration of personal data.
Amendment: 2. In complying with the principle as set out at Article 5(1)(ea), a controller must consider any relevant guidance drawn up by the supervisory authority under Article 38.
2013/03/06
Committee: LIBE
Amendment 1937
Proposal for a regulation
Article 30 – paragraph 3
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the technical and organisational measures referred to in paragraphs 1 and 2, including the determinations of what constitutes the state of the art, for specific sectors and in specific data processing situations, in particular taking account of developments in technology and solutions for privacy by design and data protection by default, unless paragraph 4 applies.
2013/03/06
Committee: LIBE
Amendment 1943
Proposal for a regulation
Article 30 – paragraph 4
Text proposed by the Commission: 4. The Commission may adopt, where necessary, implementing acts for specifying the requirements laid down in paragraphs 1 and 2 to various situations, in particular to: (a) prevent any unauthorised access to personal data; (b) prevent any unauthorised disclosure, reading, copying, modification, erasure or removal of personal data; (c) ensure the verification of the lawfulness of processing operations. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
Amendment: deleted
2013/03/06
Committee: LIBE
Amendment 1959
Proposal for a regulation
Article 31 – paragraph 1
Text proposed by the Commission: 1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 24 hours after having become aware of it, notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hours.
Amendment (first sentence): 1. In the case of a personal data breach, where there is a significant risk that the personal data breach will adversely affect the rights and freedoms of data subjects, the controller shall without undue delay after having become aware of it, notify the personal data breach to the supervisory authority.
2013/03/06
Committee: LIBE
Amendment 1967
Proposal for a regulation
Article 31 – paragraph 2 a (new)
2a. In making the risk assessment, the controller should be required to have regard to factors including the nature of the data; whether the breach appears to be likely to cause substantial damage or substantial distress to the data subject or is otherwise likely to significantly prejudice the rights and freedoms of the data subject and the degree to which those risks are mitigated by the security measures which the controller has taken pursuant to Article 30.
2013/03/06
Committee: LIBE
Amendment 1968
Proposal for a regulation
Article 31 – paragraph 3
Text proposed by the Commission: 3. The notification referred to in paragraph 1 must at least: (a) describe the nature of the personal data breach including the categories and number of data subjects concerned and the categories and number of data records concerned; (b) communicate the identity and contact details of the data protection officer or other contact point where more information can be obtained; (c) recommend measures to mitigate the possible adverse effects of the personal data breach; (d) describe the consequences of the personal data breach; (e) describe the measures proposed or taken by the controller to address the personal data breach.
Amendment: deleted
2013/03/06
Committee: LIBE
Amendment 1974
Proposal for a regulation
Article 31 – paragraph 3 a (new)
3a. The national supervisory authority should provide guidance under Article 38 on the particular circumstances in which notification to the supervisory authority should take place. Furthermore, the level of detail and the specific information required when a controller notifies the supervisory authority of the data breach should be contained in guidance.
2013/03/06
Committee: LIBE
Amendment 1975
Proposal for a regulation
Article 31 – paragraph 4
Text proposed by the Commission: 4. The controller shall document any personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken. This documentation must enable the supervisory authority to verify compliance with this Article. The documentation shall only include the information necessary for that purpose.
Amendment: deleted
2013/03/06
Committee: LIBE
Amendment 1988
Proposal for a regulation
Article 31 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for establishing the data breach referred to in paragraphs 1 and 2 and for the particular circumstances in which a controller and a processor is required to notify the personal data breach.
2013/03/06
Committee: LIBE
Amendment 1991
Proposal for a regulation
Article 31 – paragraph 6
Text proposed by the Commission: 6. The Commission may lay down the standard format of such notification to the supervisory authority, the procedures applicable to the notification requirement and the form and the modalities for the documentation referred to in paragraph 4, including the time limits for erasure of the information contained therein. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
Amendment: deleted
2013/03/06
Committee: LIBE
Amendment 2023
Proposal for a regulation
Article 33 – paragraph 1
1. Where processing operations present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes, the controller or the processor acting on the controller's behalf shall carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment shall be sufficient to address a set of processing operations that present similar risks.
2013/03/06
Committee: LIBE
Amendment 2027
Proposal for a regulation
Article 33 – paragraph 1 a (new)
1a. Such a requirement shall not apply to: (a) micro small and medium-sized enterprises that process data only as an activity ancillary to their main activities; (b) all micro, small and medium-sized enterprises for the first three years after the enterprise was founded.
2013/03/06
Committee: LIBE
Amendment 2040
Proposal for a regulation
Article 33 – paragraph 2 – point c
(c) automated monitoring publicly accessible areas, especially when using optic-electronic devices (video surveillance) on a large scale;
2013/03/06
Committee: LIBE
Amendment 2043
Proposal for a regulation
Article 33 – paragraph 2 a (new)
2a. The supervisory authority shall establish and make public a list of the kind of processing for which a data protection impact assessment would be recommended. The supervisory authority shall communicate those lists to the European Data Protection Board.
2013/03/06
Committee: LIBE
Amendment 2046
Proposal for a regulation
Article 33 – paragraph 3
Text proposed by the Commission: 3. The assessment shall contain at least a general description of the envisaged processing operations, an assessment of the risks to the rights and freedoms of data subjects, the measures envisaged to address the risks, safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned.
Amendment (inserted wording): ... the likelihood of the processing operation giving rise to harm to the fundamental rights and freedoms of data subjects or any other person, and the seriousness of any such harm, and explain the measures the controller intends to take to mitigate the chance of that harm or its seriousness, including the security measures and other safeguards and mechanisms the controller intends to put in place to ensure protection of personal data in accordance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned.
2013/03/06
Committee: LIBE
Amendment 2057
Proposal for a regulation
Article 33 – paragraph 4
Text proposed by the Commission: 4. The controller shall seek the views of data subjects or their representatives on the intended processing, without prejudice to the protection of commercial or public interests or the security of the processing operations.
Amendment: deleted
2013/03/06
Committee: LIBE
Amendment 2078
Proposal for a regulation
Article 33 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the processing operations likely to present specific risks referred to in paragraphs 1 and 2 and the requirements for the assessment referred to in paragraph 3, including conditions for scalability, verification and auditability. In doing so, the Commission shall consider specific measures for micro, small and medium-sized enterprises.
2013/03/06
Committee: LIBE
Amendment 2088
Proposal for a regulation
Article 33 – paragraph 7
Text proposed by the Commission: 7. The Commission may specify standards and procedures for carrying out and verifying and auditing the assessment referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
Amendment: deleted
2013/03/06
Committee: LIBE