Successfully closed IOI Europe Workshop on General Data Protection Regulation
From 16 to 17 October 2019 a workshop for the European Region of the IOI was held in Riga (Latvia). The workshop was hosted by the Office of the Ombudsman of Latvia and took place in the Wellton Riverside Hotel in Riga.
The workshop focused on the EU’s General Data Protection Regulation and the different aspects to be considered by human rights institutions in their work. It was divided in three sessions: GDPR and supervision, GDPR at national level and GDPR and individual.
Workshop gathered representatives from different ombudsman institutions. It was opened with some remarks from Ombudsman of the Republic of Latvia Mr. Juris Jansons as well as opening words from IOI President Mr. Peter Tyndall and European Chairman of the IOI Mr. Rafael Ribo.
In the first session speakers looked at issues from GDPR supervision level, by indicating working in the EU with regulation already for many years as well as looking to relevant factors that can might affect application. Speakers also pointed to many sides of interest that should be taken into account. In this session participants were introduced with recent case law and experience from the perspective of the GDPR.
Second session was dedicated to GDPR and experience in national level. Speakers from different countries introduces with their best practices as well as challenges that they are facing after first year of GDPR. Some hot topics are highlighted during this session. For example – how to implement privacy by design in the organization, how to be ready for digitalization, how to deal with information that organizations hold, how to communicate privacy information, what is the lawful basis for processing personal data and other.
Third session was group work session where participants where asked to deal with different cases regarding data protection.
Next day started with presentations regarding protection of personal data in the field of journalism in the context of the General Data Protection Regulation and such definition like “citizen journalism” where speakers invited to think about different daily aspects of GDPR. For example, processing of personal data in journalism photo publishing, minor data processing, rights to information, rights to restrict data processing, rights to be erased as well as commercial communications to readers. Speakers also asked question for discussion – who is considered a journalist and what is public interest?
Second part was group discussions about such questions like the role of the Ombudsman institution in data protection, Ombudsman’s right to access the information and the duty to receive consent under art. 7 of GDPR when investigating the claim, Ombudsman’s right to access the information and the obligation to properly inform the data subject under art.14 of GDPR, data processing of the Ombudsman office’s case files for research purposes, data subject’s right to access information about their case file and the protection of other people’s data, archiving the person’s data and “the right to be forgotten” and others.
Ombudsman’s Office of the Republic of Latvia would like to thank all participants for their input and hopes that everyone took from this workshop something useful for their work.