Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
New Set of SCCs for Data Transfers to Third Countries On June 4, 2021, the European Commission (EC) published its long awaited new set of Standard Contractual Clauses (New SCCs). This new data transfer mechanism allows for...more
Article 45 of the GDPR allows the transfer of personal data from the EU to a third country when the third country ensures an “adequate level of protection” (adequacy decision). In determining “adequacy,” the GDPR provides...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
More than 60 U.S. and global data protection authorities and governmental agencies have issued guidance on health data collection, COVID-19 diagnosis disclosure, work-at-home practices, and return-to-work approaches. The...more
Global organizations need a clear, legal means to share data across borders, whether to conduct day-to-day business, comply with government regulations, perform under a contract, respond to lawsuits, or simply communicate and...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
What can organizations learn from the first year of enforcement of the European Union’s General Data Protection Regulation (GDPR)? Quite a bit, if you pay attention to what the EU government regulators are doing....more
The GDPR is wrapping up its first year and moving full steam ahead. This principles-based regulation has had a global impact on organizations as well as individuals. While there continue to be many questions about its...more
The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR....more
At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019....more
It has been six months since the European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018, but the law is still in the early implementation stage. As discussed in a previous blog post, the GDPR...more
Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them. And if they finally work out that the GDPR applies, they then...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
Background - On 17 July 2018, the European Union (the “EU”) and Japan reached an agreement to recognize each other’s data protections systems as “equivalent”, and each commits to complete internal procedures by fall 2018 (the...more
If you have ever made an online purchase, chances are that you have received at least one email in the last month notifying you that a company’s privacy policy has changed. ...more
In May 2018, the General Data Protection Regulation (GDPR) entered into effect in EU member states, replacing a longstanding and less rigorous data and e-privacy directive. ...more
This article is Part 4 of our series on the GDPR for U.S.-based companies. Part 1 assisted U.S.-based companies in determining whether the GDPR applies to them; Part 2 provided an overview of the GDPR’s key concepts and...more
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. Although EU laws typically don’t have a worldwide impact, the GDPR will impact business across the globe. The GDPR has an extremely...more
Although the GDPR comes into effect on May 25, 2018, the breadth of its reach will continue to develop long after its effective date. Domestic companies should be aware that the rules will likely change over time. While this...more
The European Union's General Data Protection Regulation (GDPR) is a comprehensive privacy law that governs any entity that collects or processes the personal data of individuals located in the European Union (E.U.)* or the...more
On March 26, 2018, a bipartisan coalition of 37 state Attorneys General sent a letter to Facebook CEO Mark Zuckerberg demanding answers about the company’s business practices and privacy protections. Led by Pennsylvania...more
In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s...more
A major change with the GDPR is that data processors now have direct legal obligations under EU privacy law. This is a significant shift from the current EU Directive which only directly obligates the data controllers....more