A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Recently, there has been an increase in individual rights activity across Europe, particularly organizations receiving Data Subject Access Requests (DSARs) from former employees. ...more
Un paquete de reformas relevantes fue aprobado recientemente en México, introduciendo nuevas regulaciones en materia de protección de datos personales y transparencia. Este cambio estructural en el marco normativo mexicano se...more
A major reform package was recently enacted in Mexico introducing new regulations on personal data protection and transparency. This structural shift in Mexico’s regulatory framework will unfold over the coming months, but...more
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more
On 23 October 2024, the Data (Use and Access) Bill (the “DUAB”) was introduced to Parliament. The DUAB is the Labour government’s answer to the perceived shortfalls of the since-abandoned Data Protection and Digital...more
On 22 December 2023, the EU published Regulation (EU) 2023/2854, the Data Act, in the Official Journal of the EU. The Data Act is a new regulation providing harmonised rules on access to data, switching cloud providers and...more
The Consumer Finance Protection Bureau (CFPB) on Oct. 19, 2023, proposed a new Personal Financial Data Rights rule (Proposal) through which it seeks to increase competition in the financial sector. The Proposal was developed...more
On May 24, 2023 (or as we like to call it, the eve of GDPR’s 5th birthday), the UK’s data protection body, the Information Commissioner’s Office (the ICO), published a new guide for employers on responding to data subject...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
Organisations must provide individuals with information on the specific recipients of their data upon request. The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
Iowa has joined California, Colorado, Utah, Connecticut, and Virginia in the growing rank of states to enact a statewide consumer data privacy law. Dubbed the Iowa Consumer Data Protection Act (ICDPA), the regulation was...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
To date, 71% of the world’s countries feature some form of privacy legislation. More and more businesses are subject to data privacy regulations, and more and more businesses are working hard to ensure they’re respecting...more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
In 2023, new comprehensive data privacy laws come into effect in five states — California, Colorado, Connecticut, Utah, and Virginia. The California Privacy Rights Act of 2020 (CPRA) and the Virginia Consumer Data Protection...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
With the use of Data Subject Access Requests (DSARs) becoming increasingly common, it is important that anyone dealing with personal data understands what a DSAR is, when it can be used, how an organisation should respond to...more
The UK government is proposing to amend its data privacy regime to make it easier for employers to comply with its requirements. The main points that would impact employers (if implemented) are that it would be easier to...more
On January 18, 2022, the European Data Protection Board (the "EDPB") issued the Guidelines 01/2022 on data subject rights - Right of access (the "Draft Guidelines"), laying out its interpretation of Article 15 GDPR on the...more
Corporations need to do more internal investigations than ever before. They need investigations to be able to respond adequately and timely to requests from regulators....more
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
The “right of access” recognized by art.15 GDPR is one of the most fervently exercised rights by individuals. Nowadays, where companies tend to amass considerable amounts of information and carry out data processing...more
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more