Tim Hickman

Tim Hickman

White & Case LLP

Contact

Readers' Choice Awards

Data Privacy
View Bio
RSS

Latest Posts › General Data Protection Regulation (GDPR)

Share:

AI Watch: Global regulatory tracker - European Union

The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI. Laws/Regulations directly regulating AI (the “AI Regulations”) The primary legislative framework for regulating AI...more

4/14/2025  /  AI Act , Artificial Intelligence , Compliance , Data Protection , Enforcement , EU , General Data Protection Regulation (GDPR) , Popular , Regulatory Requirements , Risk Management , Transparency

The Data Act – the EU's bid to "ensure fairness in the digital environment and a competitive data market" – has been adopted

On November 27, 2023, the European Union ("EU") adopted the final text of the Data Act, marking an effort to create a harmonized, cross-sectoral data sharing framework with the stated goal of ensuring fair access to and use...more

11/30/2023  /  B2B Organizations , Corporate Counsel , DATA Act , Data Protection , Digital Data , Enforcement Actions , EU , EU Data Protection Laws , European Commission , General Data Protection Regulation (GDPR) , New Legislation , Personal Data , Small and Medium-Sized Enterprises (SMEs) , Technology Sector

The UK-US Data Bridge: Practical Considerations for UK Organisations

The UK-US Data Bridge (the "Data Bridge") has now come into effect, potentially simplifying transfers of personal data from the UK to the US. On 12 October 2023, the Data Bridge took effect. The Data Bridge allows UK...more

10/13/2023  /  Court of Justice of the European Union (CJEU) , Cybersecurity Framework , EU , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Standard Contractual Clauses , UK

Somewhere Between a Summary and a Data Dump – CJEU Finds Controllers Must Provide Data Subjects a “Faithful And Intelligible” Copy...

The Court of Justice of the EU (CJEU)1 has held that the General Data Protection Regulation (GDPR) requires controllers to provide data subjects a "faithful reproduction" of their personal data, which takes into account the...more

5/17/2023  /  Court of Justice of the European Union (CJEU) , Data Collection , Data Controller , Data Protection , Data Protection Authority , EU , EU Data Protection Laws , General Data Protection Regulation (GDPR) , Personal Data

Civil Plaintiffs Must Prove GDPR Damages, says CJEU

The Court of Justice of the European Union (CJEU) ruled out automatic damages awards for civil litigants establishing infringements of the General Data Protection Regulation (GDPR). At the same time, the CJEU suggested that...more

5/15/2023  /  Compensation , Court of Justice of the European Union (CJEU) , Damages , EU , General Data Protection Regulation (GDPR) , Infringement , Member State

CJEU clarifies GDPR obligation to disclose details of recipients

The GDPR allows individuals to request information about the “recipients or categories of recipients” to whom their personal data has been disclosed. In a recent ruling, the EU’s Court of Justice said data subjects get to...more

1/18/2023  /  Court of Justice of the European Union (CJEU) , Data Protection , Data Transfers , EU , European Court of Justice (ECJ) , General Data Protection Regulation (GDPR) , Personal Data

Mere “upset” not sufficient for GDPR compensation claims - Advocate General

The Advocate General of the Court of Justice of the EU has issued an Opinion stating that mere "upset" is not sufficient to give rise to a claim for compensation under Article 82 of the GDPR....more

10/12/2022  /  Advocate General , Compensation , EU , European Court of Justice (ECJ) , General Data Protection Regulation (GDPR) , Infringement

EDPB issues guidelines on right of access under Art. 15 GDPR

On January 18, 2022, the European Data Protection Board (the "EDPB") issued the Guidelines 01/2022 on data subject rights - Right of access (the "Draft Guidelines"), laying out its interpretation of Article 15 GDPR on the...more

2/18/2022  /  Data Protection , Data Subject Access Requests , Disclosure , Draft Guidance , EU , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , Member State , Personal Data , Technology

Rules on Cross-Border Data Transfers become (a little) clearer

In recent weeks, there has been a series of important developments affecting cross-border data transfers. First, on 21 June 2021, the European Data Protection Board ("EDPB") published its final, much-anticipated...more

7/6/2021  /  Court of Justice of the European Union (CJEU) , Cybersecurity , Data Protection , EU , EU-US Privacy Shield , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Standard Contractual Clauses

Just Arrived – the New Standard Contractual Clauses for International Data Transfers

The European Commission recently published an updated version of the standard contractual clauses for the transfer of personal data to third countries ('SCCs'). Companies can use such SCCs to provide the appropriate...more

6/21/2021  /  Cybersecurity , Data Protection , EU , EU-US Privacy Shield , European Commission , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Schrems I & Schrems II , Standard Contractual Clauses

UK Adequacy Decision – one step closer

On 14 April 2021, the European Data Protection Board ("EDPB") announced that it had adopted two Opinions on the draft UK adequacy decisions issued by the European Commission on 19 February 2021. The EDPB’s take on the draft...more

4/16/2021  /  Cybersecurity , Data Protection , EU , European Commission , European Data Protection Board (EDPB) , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , International Data Transfers , Standard Contractual Clauses , UK , UK Brexit

Brexit trade deal allows data transfers to continue (for now)

In a positive development for multinational businesses, the Brexit Trade and Cooperation Agreement provides a temporary solution to allow the continued transfer of personal data from the EEA to the UK without the need for...more

12/31/2020  /  Cooperation Agreement , Cybersecurity , EU , European Commission , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , International Data Transfers , Standard Contractual Clauses , UK , UK Brexit

UK ICO fines BA £20m for data breach

In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...more

10/29/2020  /  British Airways , Civil Monetary Penalty , Data Breach , Enforcement Actions , Fines , General Data Protection Regulation (GDPR) , Hackers , Personally Identifiable Information , Popular , UK ICO

Court of Justice invalidates EU-U.S. ‘Privacy Shield’ pact

The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more

7/19/2020  /  Binding Corporate Rules , Court of Justice of the European Union (CJEU) , Data Protection Authority , EU , EU-US Privacy Shield , European Commission , European Economic Area (EEA) , General Data Protection Regulation (GDPR) , International Data Transfers , Personal Data , Popular , Standard Contractual Clauses

COVID-19 and Data Protection Compliance

Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more

3/28/2020  /  Coronavirus/COVID-19 , Data Protection , Data Protection Impact Assessments (DPIAs) , Data Security , EU , General Data Protection Regulation (GDPR) , Personal Information , Personally Identifiable Information , Privacy Notice Rule , Public Health Emergency , Sick Employees , UK , UK Data Protection Act , Virus Testing

GDPR Guide to National Implementation: Malta - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/23/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Malta , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions

GDPR Guide to National Implementation: Netherlands - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/21/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Netherlands , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions

GDPR Guide to National Implementation: Norway - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/18/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Norway , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions

GDPR Guide to National Implementation: Poland - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed replacing the main pre-GDPR legislation...more

1/17/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Poland , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions

GDPR Guide to National Implementation: Portugal - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/14/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Portugal , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions

GDPR Guide to National Implementation: Romania - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated in addition to new legislation being...more

1/13/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Romania , Sanctions

GDPR Guide to National Implementation: Slovakia - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/11/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions , Slovakia

GDPR Guide to National Implementation: Slovenia - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Slovenia is in the process of adopting new legislation (the “Draft Law”)....more

1/10/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions , Slovenia

GDPR Guide to National Implementation: Spain - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed....more

1/9/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions , Spain

GDPR Guide to National Implementation: Sweden - A practical guide to national GDPR compliance requirements across the EEA

Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? The main national pre-GDPR act on data privacy has been revoked, whereas...more

1/8/2020  /  Compliance , Data Processors , Data Protection , Data Protection Authority , Data Protection Impact Assessments (DPIAs) , Data Protection Officers (DPOs) , Data Subjects Rights , Decedent Protection , Employee Privacy Rights , Enforcement Actions , EU , EU Data Protection Laws , European Economic Area (EEA) , Exemptions , Fines , Freedom of Expression , Freedom of Information , General Data Protection Regulation (GDPR) , International Data Transfers , International Harmonization , Joint Control , Minor Children , National Identification Numbers , Nonprofits , Penalties , Personally Identifiable Information , Prior Authorization , Prior Express Consent , Public Interest , Regulatory Standards , Sanctions , Sweden
76 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide