Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The European Data Protection Board (EDPB), the independent EU body responsible for ensuring the consistent application of the EU General Data Protection Regulation (GDPR) across all EU member states, has kicked off its...more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
GDPR compliance can be tricky. Even if you summon the willpower to read through the law’s text, it can be tough to know where to start. As an alternative to pouring through the GDPR’s legalese, one way to establish a...more
BACKGROUND - U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the...more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
Connecticut is the fifth U.S. state, and the second this year after Utah passed the Utah Consumer Privacy Act (“UCPA”), to enact a comprehensive data privacy legislation. S.B. 6, known as the Connecticut Data Privacy Act...more
China had a lot of legislative movement in the area of data privacy this year. On June 10, 2021, the Data Security Law (DSL) was passed and it became effective on Sept. 1, 2021. This is a broader law applying to data...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
American companies should take notice of some important developments in data privacy laws in the U.S. and in the European Union. California Privacy Rights Act - On November 3, 2020, California voters approved the...more
On Friday September 4, 2020, the European Data Protection Board (EDPB), a body consisting of representatives of all the Data Protection Authorities (DPAs) in the European Economic Area, announced that it had formed two new...more
On January 17, The Belgian Data Protection Authority (DPA) published Recommendation no 01/2020 providing Guidance on direct marketing. The Recommendation provides a methodology on how to comply with the General Data...more
The European Data Protection Supervisor (EDPS) has issued guidance on the concepts of data controller and processor for European Union organizations. Though it covers EU institutions, the guidance contains many concepts that...more
The EU General Data Protection Regulation (GDPR), which revised and sought to ensure greater harmonization of the European Union’s data protection framework, took effect in May 2018. Among the changes it introduced was the...more
On 21 January 2019, the French Data Protection Authority (the “French DPA”) fined Google LLC 50 million euros for breach of the GDPR. As we reported on this blog, just after GDPR became applicable, noyb.eu (None of Your...more
Six months have now passed since the implementation of the EU General Data Protection Regulation (GDPR). The GDPR has raised awareness of the importance of personal privacy as a fundamental right and placed data protection...more
The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May 25, 2018, there continues to...more
A data lake is an infrastructure that permits different data sets from within a group to be combined and analysed together. To analyse a data lake under GDPR, it is helpful to think of a data lake in two phases, which we...more
The European Court of Justice (ECJ) in Luxembourg rendered a judgment on July 12 that explains, among other things, what a (joint) data controller is. The judgment is on the “old” EU Data Protection Directive 95/46/EC, but...more
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. Although EU laws typically don’t have a worldwide impact, the GDPR will impact business across the globe. The GDPR has an extremely...more
On May 25, 2018, the European Union (“EU”) will implement the most robust regulation of privacy data that the digital world has ever seen—commonly known as the General Data Protection Regulation, or “GDPR.” The GDPR is the...more
I probably don’t need to tell you that data privacy and protection are some of the thorniest topics right now in legal, IT, and records management practices. ...more
Nationalism and Cross-Border M&A: Navigating Populist Politics in Deal Making - More than half of the G20 countries voted-in campaigns that focused on harming foreign, outside interests as a means to strengthen domestic...more
The European Union’s highest court has, effective immediately, invalidated the US-EU Safe Harbor program relied upon by many companies as the basis for lawfully transferring and processing personal information from the EU to...more
As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid. The full decision is now available online in English (other languages also available at curia.europa.eu by searching on...more
Following a significant fine against the parties to an asset acquisition for illegally transferring customer information, the Bavarian Data Protection Supervisory Authority (Bavarian DPA) announced on August, 20, 2015 that it...more