E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
Following Malaysia’s introduction of data breach notification and data protection officer (“DPO”) appointment requirements in last year’s significant amendments to the Personal Data Protection Act (“PDPA”) (click here for our...more
India just released a landmark draft of new rules to refine and implement the Digital Personal Data Protection Act (DPDP Act) – which is India’s first comprehensive data privacy legislation regulating digital personal data...more
In 2024, Israel became the latest jurisdiction to enact comprehensive privacy legislation, largely inspired by the EU’s General Data Protection Regulation (“GDPR”). On August 5, 2024, Israel’s parliament, the Knesset, voted...more
On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a...more
The Brazilian Data Protection Authority (ANPD) has published its new regulation on the Data Protection Officer’s (DPO) role. A central figure in privacy governance, the DPO serves as the liaison between the data controller,...more
The Kingdom of Saudi Arabia (KSA or Kingdom) is a sovereign state located in the Middle East between the Red Sea and the Arabian Gulf (sometimes referred to as the Persian Gulf) and is one of the member states of the Gulf...more
Introduction - We have compiled the main differences between the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing...more
Governing Data Protection Legislation - 2.1. Overview of principal legislation - The General Regulation Data Protection (Regulation (EU) 2016/679) (“GDPR”), as implemented by Law 190/2018 is the principal data...more
On September 7, 2023, the Saudi Authority for Data and Artificial Intelligence (SDAIA) issued the Implementing Regulations of the Personal Data Protection Law (the Implementing Regulations) and the Regulations on Personal...more
In a significant milestone for EU-U.S. cross-border transfers of personal data under Article 45 of the General Data Protection Regulation (GDPR), the European Commission adopted an adequacy decision for the new EU-U.S. Data...more
Back in 2011, a German court ruled that works council membership did not necessarily preclude serving as data protection officer. The same court, after referring the question to the European Court of Justice, has now changed...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to...more
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
On January 12, 2023, the Court of Justice of the European Union (CJEU) ruled that the data subject’s right of access to personal data requires controllers to provide the data subject with the identity of the companies that...more
For American companies doing business in Europe and European businesses relying on U.S. vendors and service providers, 2023 may be the year when Europe and the United States finally come together to implement a viable and...more
Singapore Personal Data Protection Commission (PDPC) has published a guide on data protection in the blockchain. Some key points: Permissionless blockchain: •Any personal data published in-clear is a form of public...more
Data privacy officers (DPOs) and compliance officers are the first responders in the event of a data breach. Like all emergency workers, they must stand at the ready, prepared to jump into decisive action at a moment’s...more
Learning Objectives: - What is a PIA and a DPIA? - Who should instigate assessments? - How and when to use assessments? - The relationship between assessments and privacy by design, and legal grounds for processing...more
Since the General Data Protection Regulation (GDPR) was enacted a little over 3 years ago in May 2018, many organizations that collect personal data of individuals in the European Union (EU) have enhanced their data privacy...more
Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S-E.U. data transfers...more
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
On August 14, 2018, the Brazilian government approved the Brazilian General Data Protection Law, known as the Lei Geral de Proteção de Dados Pessoais (“LGPD”). Enforcement was set to begin on August 15, 2020 but then, due to...more
Efforts to Delay the LGPD Fail - As noted by our firm earlier this spring, Brazilian authorities have considered delaying the General Personal Data Protection Law’s (“Lei Geral de Proteção de Dados” or “LGPD”) effective...more