On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more
On 19 March 2025, the European Data Protection Board published an updated procedure for co-operation between EU data protection supervisory authorities approving GDPR Binding Corporate Rules for intra-group transfers of EU...more
On 9 October 2024, the European Data Protection Board (EDPB) published its Opinion 22/2024, clarifying the responsibilities of controllers when relying on processors and sub-processors. This guidance emphasizes the importance...more
Following the European Court of Justice’s (“ECJ”) landmark judgement of 5 December 2023 (case no. C-807/21), the Higher Regional Court of Berlin specified the requirements for GDPR fine notices issued by data protection...more
This summer, the European Data Protection Board (“EDPB”) published the final version of its Recommendations 01/2022 (“Recommendations”) on Binding Corporate Rules for Controllers (“C-BCR”). During the turbulence caused by the...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
Binding Corporate Rules (BCR) are often considered the “gold standard” for international transfers of personal data subject to the GDPR. In contrast to the Standard Contractual Clauses of the European Commission (SCC), BCR...more
On 25 May 2022, the European Commission released long-awaited guidance for the Standard Contractual Clauses (SCCs) adopted in June 2021. The Commission has developed Questions and Answers (Q&As) as a dynamic source of...more
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) weigh in on the new Standard Contractual Clauses proposed by the European Commission (EC) for transfers to third countries (new...more
2/5/2021
/ Cybersecurity ,
Data Protection ,
EDPS ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Germany has seen a couple of record GDPR fines since the German Data Protection Authorities (DPA) issued their guidance paper on how to measure GDPR fines in October 2019. One of these DPA sanctions was recently subject to...more
11/18/2020
/ Cybersecurity ,
Data Protection ,
Enforcement Actions ,
EU ,
European Economic Area (EEA) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Statutory Violations
The European Data Protection Board (EDPB) has issued its long-awaited practical guidance following the Court of Justice of the European Union’s (CJEU) landmark Schrems II decision....more
When it comes to infringements of the EU General Data Protection Regulation (GDPR), the first thing that comes to mind are proceedings and fines imposed by the data protection authorities. It is often neglected that GDPR...more