The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...
4/16/2025 / Cybersecurity, Data Processors, Digital Operational Resilience Act (DORA), Distributors, EU, General Data Protection Regulation (GDPR), Hardware, Importers, Manufacturers, New Legislation, Popular, Regulatory Requirements, Risk Assessment, Software, Supply Chain
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....
11/5/2024 / Compliance, Cyber Threats, Cybersecurity, Employee Training, Enforcement, EU, European Commission, Fines, General Data Protection Regulation (GDPR), Incident Response Plans, Penalties, Reporting Requirements, Supply Chain
The agreed text of the AI Act was published on July 12, 2024, essentially starting the clock on the legal deadlines contained in it. Its obligations will apply in tiered phases, with the first key obligations being enforced...
7/22/2024 / Artificial Intelligence, Compliance, Corporate Counsel, Cybersecurity, Distributors, EU, Exemptions, Imports, Information Governance, Machine Learning, Manufacturers, Recordkeeping Requirements, Risk Assessment, Supply Chain
In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software...
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing...
4/10/2024 / Compliance, Cybersecurity, Data Security, Distributors, EU, Imports, Internet, Internet of Things, Manufacturers, Regulatory Standards, Telecommunications, UK
The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies,...
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers.
The new DORA seeks to strengthen the resilience of financial...
7/21/2023 / Cybersecurity, Cybersecurity Framework, Data Privacy, Data Protection, Data Security, EU, Financial Institutions, Financial Services Industry, General Data Protection Regulation (GDPR), Information and Communication Technology (ICT), Information Technology, Internet Service Providers (ISPs), New Legislation, New Regulations, Third-Party Service Provider
From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of personal data.
U.S. privacy regulations are currently a complex framework of...
7/6/2023 / California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), CDPA, China, Compliance, Cross-Border Transactions, Cybersecurity, Data Privacy, Data Security, EU, General Data Protection Regulation (GDPR), GLBA Privacy, Health Insurance Portability and Accountability Act (HIPAA), Nonprofits, Personal Information Protection Law (PIPL), Popular, Sensitive Personal Information, State Privacy Laws, UK, UK GDPR
UK Supreme Court ruled this week in favour of retailer facing vicarious liability class action claims following significant data breach caused by rogue employee. The case is a stark reminder of the responsibilities of...
How will the new European Union data protection law affect U.S. nonprofit organizations?
Nonprofit organizations based in the U.S. can often handle large amounts of data which originates in the EU—for example, they may...
4/24/2018 / Cybersecurity, Data Breach, Data Processors, Data Protection, Data Protection Officers (DPOs), EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Nonprofits, Notice Requirements, Personal Data, Personally Identifiable Information, Risk Management, Websites
NHS and social care organisations in the UK are being encouraged to take a fresh look at public cloud services given the myriad benefits of doing so.
The guidance is timely given the coming into force of the GDPR in May,...
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing...
The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
The Irish High Court has “well-founded” concerns that there is no...
11/17/2017 / Court of Justice of the European Union (CJEU), Cybersecurity, Data Protection, Data Protection Authority, EU, EU Data Protection Laws, European Economic Area (EEA), FISA, General Data Protection Regulation (GDPR), International Data Transfers, Model Clauses
Those of us who have been grappling with how best to approach GDPR compliance in outsourcing and other commercial contracts will be all too familiar with Article 28 of the GDPR, which sets out a number of minimum contract...
The Court of Justice of the European Union (CJEU) has been very busy in recent weeks re-shaping EU privacy laws. In addition to the much-anticipated decision in “Schrems” (Case C-362/14), which essentially rules the US-EU...
10/29/2015 / Compliance, Cybersecurity, Data Protection, Debt Collection, European Commission, European Court of Justice (ECJ), Hungary, International Data Transfers, Member State, Personal Data, Privacy Laws, Right to Privacy, Sanctions, US-EU Safe Harbor Framework
Given the range of threats and the catastrophic impact an attack could have on an airline, strategizing to reduce the risk of breaches and implementing plans to deal with them once they occur should be prioritized at board...
When precisely is a data controller lawfully permitted to process personal data?
If a data controller does not have the consent of a data subject to process his or her data, when does the “legitimate interest”...
Much has been said about the EU "Cookie" laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011. Companies with European customers (including those in the US) have grappled with the...
It is difficult to recall a time when the issue of personal data transfers from the European Economic Area ("EEA") has been as widely and hotly debated as it has over the past year or so. Significant movements during the past...