On December 6, 2017, the European Union’s Article 29 Working Party released two sets of guidelines on Binding Corporate Rules (“BCRs”) it had adopted a week earlier. BCRs are internal rules that define a group of companies’...more
One of the key components of the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is its stronger enforcement mechanisms. Administrative fines are one of the most powerful parts of the enforcement...more
On October 18, the Article 29 Working Party released its draft of “Guidelines on Personal data breach notification under Regulation 2016/679” (“Guidelines on Personal data breach notification,” WP250). The guidelines are not...more
On October 18, the Article 29 Working Party released its draft of “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679” (“Guidelines on Automated individual decision-making...more
The EU General Data Protection Regulation’s (GDPR) requirements are coming into focus quickly as EU data protection authorities continue to issue guidance on different aspects of the law. On April 4, 2017, the Article 29...more
The UK Information Commissioner’s Office (ICO) continues to play an active role in shaping data protection law in the EU, notwithstanding the UK’s decision to leave the EU in the aftermath of Brexit. On April 6, 2017, the ICO...more
The EU’s Article 29 Working Party (WP29) held a plenary meeting in early December 2016. At the meeting, the WP29 adopted guidelines and issued FAQs relating to the EU General Data Protection Regulation’s (GDPR’s) provisions...more