Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
Updated June 2023 - The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...more
On November 28, 2022, the Council of the European Union formally adopted the Network and Information Security 2 Directive (NIS 2 Directive), replacing the current NIS Directive (Directive 2016/1148/EC). On 27 December 2022,...more
On 10 November 2022, the European Parliament approved two significant pieces of cybersecurity legislation: The Network and Information Security 2 Directive (“NIS2”); and The Digital Operational Resilience Act (“DORA”)....more
In a call for Evidence for an Impact Assessment, the European Commission has introduced its initiative for a new Cyber Resilience Act that is set to establish new cybersecurity rules for digital products and ancillary...more
On 8 September 2021, the Federal Cabinet adopted the new strategy for cybersecurity 2021 presented by the Federal Ministry of the Interior, Building and Community (Bundesministerium des Inneren, für Bau und Heimat, BMI). The...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Editors’ Note: This is the sixth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Our previous entry discussed the CCPA, energy, Brexit, health care...more
A year ago, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. With its extraterritorial scope and detailed requirements, the GDPR aimed to change the approach to personal data...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Director Discusses Future Development of Cybersecurity Framework - On March 4, the director of the National Institute of Standards and Technology...more
Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
Six months have now passed since the implementation of the EU General Data Protection Regulation (GDPR). The GDPR has raised awareness of the importance of personal privacy as a fundamental right and placed data protection...more
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together. To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. Although EU laws typically don’t have a worldwide impact, the GDPR will impact business across the globe. The GDPR has an extremely...more
The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25th. As most organizations are aware, the GDPR applies not only to EU businesses but also many companies in the U.S. While the deadline is quickly...more
In less than four months, the General Data Protection Regulation (the "GDPR" or the "Regulation") will take effect in the European Union/European Economic Area, giving individuals in the EU/EEA greater control over their...more
U.S. companies now have to consider breach notification requirements under the GDPR in addition to data breach notification laws in the U.S. (enacted by 48 states and numerous regulators). Follow our chart to determine if...more
In this edition of our Privacy and Cybersecurity Update, we take a look at the Trump administration's executive order outlining its cybersecurity plans, Acting FTC Chairwoman Maureen Ohlhausen's comments on the possible...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In 2016, new privacy, cybersecurity and/or data security legislation passed or became effective in a number of countries, some adopting data security measures for the first time. Several countries adopted cybersecurity...more
The European Data Protection Supervisor (“EDPS”) Giovanni Buttarelli issued a guidance document on data security and risk management for the E.U. institutions (such as the European Parliament, the European Council, and the...more
Senior Counsel Peter Swire to Debate European Privacy Activist Max Schrems. The debate, set to take place on January 26 in Brussels, will highlight key differences between certain European and U.S. attitudes towards U.S....more
On December 15, 2015, European officials issued a Press Release announcing an agreement to enact common standards for data protection across all 28 member states to “put an end to the patchwork of data protection rules that...more
A landmark decision of the European Court of Justice (ECJ) has held that companies may no longer rely on “Safe Harbour” to justify transferring personal data from the European Union to the US, because the US Government has a...more
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of...more
Just one week after the milestone decision rendered by the CJEU to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a...more