Political agreement was reached on 9 December in the negotiations on the EU AI Act, arguably the world’s most comprehensive and ambitious AI law to date.
Some further steps must take place, including confirmation by the...
The pace of new EU law continues unabated, with IoT, cyber security and digital services being key areas of activity. The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security....
Updated June 2023 -
The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...
6/19/2023 / Cybersecurity, Data Privacy, Data Protection, Data Security, Data Transfers, Digital Marketplace, Digital Service Providers, Digital Services, EU, EU Data Protection Laws, Information Governance, International Data Transfers, New Legislation, Pending Legislation, Personal Data, Popular
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...
12/30/2022 / Compliance, Consultation, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Data Protection, Data Security, EU, EU Directive, Information Technology, Outsourcing, Popular, Proposed Amendments, Proposed Regulation, Third-Party Service Provider, UK
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...
8/22/2022 / Australia, Client Services, Corporate Counsel, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Protection Authority, ENISA, FBI, Information Commissioner's Office (ICO), NCSC, Popular, Ransomware, Reporting Requirements, Risk Mitigation, UK, UK GDPR
From the ICO’s standpoint, the steps you elect to take post-breach and the speed with which you implement them are key. Demonstrating readiness to learn lessons from a breach incident by making investments in post-breach...
In this part of our briefing series, we look at how individual reactions to a data breach can shift the dial from a regulator’s perspective. Recent decisions have shown that the ICO will look behind a company’s public...
When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...
Key to recent ICO decisions has been the ICO’s assessment of the extent and quality of communications with affected individuals and the regulator itself. It is clear the ICO sees certain behaviours (such as the setting up of...
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits.
Who is this relevant for?...
3/20/2020 / Corporate Fines, Corporate Liability, Cybersecurity, Data Protection Authority, Enforcement Actions, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Internal Audit Functions, PCI-DSS Standard, Security and Privacy Controls, Security Audits, UK, UK Brexit
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force?
Final fines are still awaited on the UK’s...
We are now over a year on from the major changes made to the European data protection regime by the GDPR so it is time to revisit what the changes mean now for the hospitality sector and investment in it, given increased...
11/6/2019 / Amended Regulation, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Processing Rules, Data Processors, e-Privacy Directive, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Hospitality Industry, Hotels, Information Commissioner's Office (ICO), Member State, Popular, Regulatory Standards, Risk Management, Technology, UK
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now.
As a...