Data Protection Officers (DPOs), EU Data Protection Laws

NIS2: Preparing for EU’s New Cybersecurity Rules

Wilson Sonsini Goodrich & Rosati on 4/22/2024

The European Union (EU) has revised its Cybersecurity Directive (NIS2). The new rules will apply to a wide range of companies in many sectors, create new cybersecurity obligations, and impose high fines for noncompliance. EU...more

European Data Protection Board adopts report on Data Protection Officers

A&O Shearman on 2/2/2024

The European Data Protection Board (EDPB) adopted a report on the challenges faced by Data Protection Officers (DPOs) (the Report) on 16 January 2024. This Report follows a coordinated investigation involving 25 EEA...more

U.S. Companies Now Have a Framework for EU-U.S. Personal Data Transfers

Brownstein Hyatt Farber Schreck on 7/18/2023

In a significant milestone for EU-U.S. cross-border transfers of personal data under Article 45 of the General Data Protection Regulation (GDPR), the European Commission adopted an adequacy decision for the new EU-U.S. Data...more

EU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers

Wilson Sonsini Goodrich & Rosati on 3/17/2023

On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to...more

Erfahrungsbericht: Latham & Watkins plädiert als erste Anwaltskanzlei zu DSGVO-Geldbußen vor dem Europäischen Gerichtshof

Latham & Watkins LLP on 3/8/2023

Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more

Don’t ask your DPO to set their own homework and mark it too!

BCLP on 2/24/2023

The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more

CJEU Rules on Dismissal of DPOs and Conflict of Interest

Faegre Drinker Biddle & Reath LLP on 2/23/2023

In a recent judgment, the Court of Justice of the European Union (the CJEU) has confirmed that Data Protection Officers (DPOs) can maintain other tasks and duties within their role, provided they do not result in a conflict...more

CJEU Finds That Companies Must Provide Individuals with the Identity of Data Recipients When Responding to Data Access Requests

Wilson Sonsini Goodrich & Rosati on 2/2/2023

On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled that the data subject’s right of access to personal data requires controllers to provide the data subject with the identity of the companies that...more

Recent Developments in Data Privacy

Cranfill Sumner LLP on 1/27/2023

For American companies doing business in Europe and European businesses relying on U.S. vendors and service providers, 2023 may be the year when Europe and the United States finally come together to implement a viable and...more

European Union Publishes Draft Standard Clauses for Trans-Atlantic Data Transfers

Poyner Spruill LLP on 11/25/2020

Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S-E.U. data transfers...more

U.S. Employers and the GDPR: Where Are We Now?

Epstein Becker & Green on 8/25/2020

Even though the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, its application to U.S.-based employers continues to evolve and increase in complexity. For U.S. employers of European Union (“EU”)...more