In politically uncertain times, is your organisation’s data transfer compliance unquestionable?
The EU-U.S. Data Privacy Framework (DPF) serves as a useful mechanism for transatlantic data transfers, and it can assist...more
4/4/2025
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Transfers ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Regulatory Requirements ,
Risk Management ,
Standard Contractual Clauses ,
Trump Administration ,
UK
The European Union’s Digital Operational Resilience Act (DORA) came into effect on January 17, 2025. DORA aims to harmonise rules concerning the provision of information and communication technology (ICT) services to...more
1/27/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Supervisory Authorities (ESAs) ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Investment Management ,
Risk Management ,
Technology Sector ,
Third-Party Service Provider
Organisations are facing a new era of nonfinancial reporting with the European Union’s Corporate Sustainability Reporting Directive (CSRD), now in effect. CSRD reporting is standardised through the European Sustainability...more
11/26/2024
/ Climate Change ,
Compliance ,
Corporate Governance ,
Corporate Social Responsibility ,
Disclosure Requirements ,
Diversity and Inclusion Standards (D&I) ,
Environmental Social & Governance (ESG) ,
EU ,
EU Directive ,
Member State ,
Penalties ,
Reporting Requirements ,
Sustainability ,
Sustainable Business Practices
The new Labour government has set out its plans for reforming the labour market in its Employment Rights Bill just within the first one hundred days in office. This volume of change was initially set out in the Labour...more
10/11/2024
/ Administrative Agencies ,
Contract Terms ,
Employee Rights ,
Employment Contract ,
Flexible Work Arrangements ,
Gig Economy ,
Paid Leave ,
Proposed Legislation ,
Redundancy Dismissals ,
UK ,
UK Parliament ,
Unfair Dismissal ,
Wage and Hour
Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more
9/26/2024
/ Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
Digital Services ,
Due Diligence ,
Hardware ,
Information Commissioner's Office (ICO) ,
Information Technology ,
Risk Assessment ,
Security and Privacy Controls ,
Software ,
Supply Chain ,
Third-Party Service Provider ,
UK
Organisations that make international transfers of personal data have undergone significant challenges and changes over the last few years. With the invalidation of the Privacy Shield agreement in 2020 and the introduction of...more
9/26/2024
/ Compliance ,
Consent ,
Corporate Fines ,
Data Breach ,
EU ,
EU-US Privacy Shield ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Oversight ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Third-Party Service Provider ,
UK
In response to the increasing number of cyberattacks and the acceleration of digital transformation across sectors, the European Union has revised and improved its Network and Information Security (NIS) Directive.
The...more
The European Union Digital Services Act (DSA) now applies to all digital “intermediary services” that provide users with access to online goods, services, and content. The DSA took effect on November 16, 2022, and regulates a...more
2/27/2024
/ Brand ,
Compliance ,
Data Storage ,
Data Storage Providers ,
Digital Marketplace ,
Digital Service Providers ,
Digital Services ,
EU ,
European Commission ,
Goods or Services ,
Online Platforms ,
Regulatory Requirements ,
Regulatory Standards ,
Traders
On December 8, 2023, European Union policymakers brokered a deal on a broad law to regulate the development and use of artificial intelligence (AI) in the European Union....more
On November 27, 2023, the California Privacy Protection Agency (CPPA) unveiled draft automated decisionmaking technology (ADMT) regulations that would set forth new consumer protections related to the profiling of consumers...more
11/30/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Data Profiling ,
Employer Responsibilities ,
Notice Requirements ,
Opt-In ,
Opt-Outs ,
Personal Information ,
Proposed Regulation ,
Public Comment ,
Regulatory Authority ,
Right-To-Access ,
Risk Assessment ,
Tracking Systems
The United Kingdom’s Online Safety Bill has recently received royal assent and become law as the Online Safety Act (OSA)....more
The world’s first artificial intelligence (AI) regulatory framework is “a step closer” to becoming law, the European Parliament recently announced. Following the European Commission’s 2021 draft proposal, a draft negotiating...more
On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck...more
4/1/2022
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Amid concerns surrounding the rapid rise in COVID-19 omicron cases, the UK government recently implemented Plan B measures in England. Here is a summary of the implications of these measures for employers...more
1/3/2022
/ Certification Requirements ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Emergency Management Plans ,
Masks ,
New Legislation ,
Public Health Emergency ,
Quarantine ,
Remote Working ,
Shelter-In-Place ,
UK ,
Virus Testing ,
Workplace Safety
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
12/23/2021
/ Adequacy Requirement ,
Binding Corporate Rules ,
Consultation ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Subject Access Requests ,
Electronic Communications ,
EU ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Risk-Based Approaches ,
Standard Contractual Clauses ,
UK
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
6/14/2021
/ Compliance ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Transfers ,
Employee Privacy Rights ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After the political and constitutional upheaval of the last four years that has been Brexit, a trade deal - the EU-UK Trade and Cooperation Agreement - was finally reached between the United Kingdom (UK) and the European...more
1/27/2021
/ Data Privacy ,
EU ,
European Economic Area (EEA) ,
Grace Period ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Member State ,
Privacy Laws ,
Trade Agreements ,
UK ,
UK Brexit
The Court of Justice of the European Union (CJEU) recently declared that the EU-U.S. Privacy Shield is invalid because it does not provide an adequate level of protection for the transfer of personal data from the European...more
On July 16, 2020, the Court of Justice of the European Union (CJEU) announced its judgment in the so-called Schrems II case (Case C-311/18), declaring that the EU-U.S. Privacy Shield is invalid because it does not provide an...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Personal Data ,
Safe Harbors ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
U.S. Commerce Department
An employer’s response to COVID-19 involves numerous privacy issues. Below are some answers to frequently asked questions (FAQs) about these issues within the United States and globally, based on laws such as the Americans...more
As coronavirus disease 2019 (COVID-19) continues to spread, employers have been trying to strike a balance between safety and privacy as they apply their own policies and attempt to follow laws such as the General Data...more
3/4/2020
/ Centers for Disease Control and Prevention (CDC) ,
Coronavirus/COVID-19 ,
Emergency Management Plans ,
Employee Privacy Rights ,
Employer Liability Issues ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Public Health ,
Workplace Safety
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
5/22/2019
/ Austria ,
CCTV ,
CNIL ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Employer Liability Issues ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Human Resources Professionals ,
Netherlands ,
Personal Data ,
Personnel Records ,
Portugal ,
Regulatory Violations ,
Risk Management ,
Social Networks ,
Surveillance ,
Video Recordings
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
On April 19, 2018, the Article 29 Working Party (Working Party), which is comprised of representatives from the data protection authorities in each of the 28 European Union (EU) member states, issued a position paper stating...more