Sitting with the C-Suite: eDiscovery Priorities – Thoughts on the Next Five Years
Jones Day Presents: Effect of GDPR, CCPA, and FTC on Blockchains
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies....more
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision. On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
You are an American company. While you sell product or otherwise interact with Europe, and thereby collect personal information about European residents, you have no assets or facilities on that continent. Nonetheless, you...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ——— (b) Relevant legislation includes: ...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ———...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ——— (b) Relevant legislation...more
Santa Clara, California-based Intel Corporation has published what it is calling the “final draft” of its proposed U.S. federal privacy legislation, the original version of which was published in November 2018. As a result,...more
Why does this topic matter to organisations? Processing of personal data is lawful only if, and to the extent that, it is permitted under EU data protection law. If the controller does not have a lawful basis for a given...more
The European Data Protection Board (EDPB), the successor to the Article 29 working party, recently provided long-awaited guidance on the territorial scope set forth in Article 3 of the General Data Protection Regulation...more
Any entity processing personal data on your behalf (i.e., your vendors) must have a written contract in place. The GDPR requires specific language in your vendor contracts. Review steps 1–4 below to bring your vendor...more
In the United States companies are not required to inventory the type of data that they maintain, or map where that data flows in (and out) of their organization. That said, knowing the type of data that you collect, where it...more
Businesses have two years to comply with Europe’s new privacy regime. On 24 May 2016, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR...more