Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention to release new tools and ran EU-wide data breach notification...more
The UK Serious Fraud Office (SFO) has issued new guidance to encourage companies to self-report suspected corporate criminal conduct and cooperate fully with investigations. Our transatlantic White Collar, Government &...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
3/21/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Direct Marketing ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
Our Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union....more
12/12/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Distributors ,
EU ,
European Commission ,
Importers ,
Manufacturers ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On 14 November, and after many years of negotiations, Chile adopted a new Data Protection Act (la Ley que regula la protección y el tratamiento de los datos personales y crea la Agencia de protección de datos personales)....more
EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU...more
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
9/26/2024
/ Artificial Intelligence ,
Automation Systems ,
Belgium ,
Compliance ,
Corporate Counsel ,
Data Processors ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Regulatory Oversight
Theodore Christakis, Professor of International Law at the University Grenoble Alpes and Senior Fellow and Director of Research for Europe at the Cross-Border Data Forum, has published a new comprehensive analysis on...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued an important decision on how the GDPR governs AI-assisted decisions. The case arose in the financial services context, with the court holding that...more
The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more
11/27/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
European Commission ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Technology ,
Investment Firms ,
Popular ,
Risk Management
Last month, the European Union’s new Data Governance Act (DGA) came into effect. Our Privacy, Cyber & Data Strategy Group provides an overview of the key features of the DGA and discusses how the new law may impact businesses...more
On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal...more