Companies subject to India’s new data protection law should assess practical implications.
The Indian parliament enacted India’s first comprehensive data protection law on 11 August 2023, namely the Digital Personal Data...more
The updated reform legislation provides welcome guidance and clarifications on aspects such as legitimate interests and accountability, without substantially shifting the approach proposed under the existing reform bill. ...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year.
The European Data Protection Board (EDPB) has announced that its coordinated...more
3/27/2023
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Harmonization ,
Personal Data
On 3 May 2022, the European Commission launched its proposal for a Regulation for the European Health Data Space to “unleash the full potential of health data”. However, questions arise as to whether this proposal is a...more
11/2/2022
/ Biometric Information ,
Consent ,
Data Controller ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Medical Research ,
Personal Data ,
PHI ,
Portability ,
Public Health ,
Public Policy ,
Transparency
UK government sets out ambitious proposal for reforming the UK data protection landscape.
On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published its response to its consultation “Data: a new...more
7/13/2022
/ Consultation ,
Data Protection ,
e-Privacy Directive ,
Electronic Communications ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Regulatory Agenda ,
UK ,
UK GDPR
The EDPB sets out relevant steps and factors that EU supervisory authorities should consider when calculating administrative fines under the GDPR.
On 16 May 2022, the European Data Protection Board (EDPB) adopted draft...more
6/1/2022
/ Data Controller ,
Data Processors ,
Data Protection ,
Draft Guidance ,
European Data Protection Board (EDPB) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Personal Data ,
Statutory Penalties ,
Trademark Infringement
Companies have three months to prepare to use the latest standard contractual clauses for new data transfers, and 18 months to migrate existing arrangements.
On 4 June 2021, the European Commission released its...more
6/28/2021
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
FISA ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Die Datenschutzorganisation noyb droht mit über 10.000 Beschwerden wegen möglicher rechtswidriger Verwendung von Cookies.
Am 31. Mai 2021 startete die Datenschutzorganisation noyb (die Abkürzung steht für „none of your...more
Swiss companies are advised to take additional measures when transferring personal data from Switzerland to the US.
On 8 September 2020, the Swiss data protection authority, Adrian Lobsiger (the Federal Data Protection and...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations.
The National Cyber Security Centre (NCSC) has published introductory guidance for operators of...more
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation.
The UK government moved closer to implementing the Security of Network and Information Systems...more
As European data protection regulators prepare to enforce the General Data Protection Regulation (GDPR) from May 2018, private equity firms must act to minimise the risk of becoming financially liable for the data protection...more
12/14/2017
/ Antitrust Provisions ,
Corporate Liability ,
Data Breach ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Portfolio Companies ,
Private Equity ,
UK
Her Majesty’s Government last week published a position paper outlining its preferred post-Brexit landscape for data protection. The high-level takeaways are hardly surprising: the government stresses that it intends to...more
Hacking of organizations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is...more
Global cyber-attack threats stand at the highest ever recorded level, jumping 14 percent from 2012 to 2013 (Cisco 2014 Annual Security Report). Furthermore, a recent Microsoft Security Intelligence Report found that operating...more
While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the...more
In 2012, the director gen¬eral of MI5 revealed that a London-listed company had lost £800 million as a result of a state-backed cyber at¬tack. The company in question has not been publicly identified and no disclosures were...more
When former NSA contractor, Edward Snowden, leaked documents disclosing the NSA’s mass surveillance programme, known as PRISM, he re-invigorated the debate on, and the media interest in, the validity of the current safeguards...more