NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Compliance Perspectives: The Privacy and Data Security Track at the 2020 Compliance & Ethics Institute
Compliance Perspectives: Regulatory Conflicts in Data Privacy Laws
E14: The Three Pillars of GDPR
E12: GDPR Article 22 and Automated Decision Making
Navigating the stringent requirements of data subject access requests (DSARs) can feel like summitting a mountain—the path forward isn’t always clear, pitfalls abound, and you’re fighting gravity all the way....more
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
On 12 October the UK–U.S. “data bridge” becomes operational, providing an additional, compliant route for UK-outbound transfers of personal data to U.S. organisations that are EU-U.S. Data Privacy Framework members. UK...more
GDPR compliance can be tricky. Even if you summon the willpower to read through the law’s text, it can be tough to know where to start. As an alternative to pouring through the GDPR’s legalese, one way to establish a...more
To date, US non-profit organizations have enjoyed an exemption from the state omnibus privacy laws. That’s about to change. Unlike the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA),...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
The road to the adoption of a lasting framework for EU-U.S data transfers has been anything but smooth. Much like its predecessor, Safe Harbor, the EU-U.S Privacy Shield met its end in 2020 when the Court of Justice of the...more
Organisations must provide individuals with information on the specific recipients of their data upon request. The Court of Justice of the European Union (CJEU) has ruled that organisations must generally disclose the...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
With the governor signing SF 262 into law last week, Iowa became the sixth US state with a comprehensive privacy law. The law goes into effect January 1, 2025. It applicability is similar to other states’ laws. It applies to...more
The Advocate General (AG) Pikamäe of the Court of Justice of the European Union (CJEU) issued his opinions in three cases concerning the credit rating agency SCHUFA Holding AG (SCHUFA) on 16 March 2023....more
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology (DSIT). If enacted, the Bill will make changes to the UK...more
We’re now approaching the five-year anniversary of the General Data Protection Regulation (GDPR) taking full effect. In the run-up to 2018 and the period afterwards, there were many predictions about the likely direction of...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
Under the European Union’s General Data Protection Regulation (GDPR), individual data subjects have the right to request that the data controller share information regarding the data subject’s personal information...more
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...more
The Advocate General opined that data subjects must prove that they suffered damage from a GDPR breach in order to claim compensation. Article 82 of the General Data Protection Regulation (GDPR) states that any person...more
With the use of Data Subject Access Requests (DSARs) becoming increasingly common, it is important that anyone dealing with personal data understands what a DSAR is, when it can be used, how an organisation should respond to...more
Unless the California legislature acts soon, the scope of information subject to the California Privacy Rights Act (“CPRA”) will include all employee or human resource-related personal information on January 1, 2023. To date,...more
This webinar is intended for eDiscovery professionals interested in the overlap between data privacy and eDiscovery capabilities, workflows and use cases. The tools to tackle the protection of personal data already exist...more
The “right of access” recognized by art.15 GDPR is one of the most fervently exercised rights by individuals. Nowadays, where companies tend to amass considerable amounts of information and carry out data processing...more
On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data...more
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”) into law. The CPA will take effect on July 1, 2023 and joins the California Consumer Privacy Act (“CCPA”), the California Privacy Rights...more
NGE Corporate & Securities partner John Koenigsknecht recently interviewed Data Privacy & Information Governance partner David Wheeler about the new standard contractual clauses and the complex task of assessing and...more
There are many similarities between the Colorado Privacy Act (ColoPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data privacy Act (VCDPA), and Europe’s GDPR,...more