The European Commission has published draft updated standard contractual clauses in light of the Schrems II decision.
On 12 November 2020, the European Commission (the Commission) published a draft implementing decision,...more
12/8/2020
/ Data Controller ,
Data Processors ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
Public Consultations ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
The EDPB takes a strict approach in its recent guidance on international data transfers following Schrems II, posing a difficult challenge for businesses.
On 10 November, the European Data Protection Board (EDPB) released...more
Latham develops new resource to identify considerations for assessing SCC and BCR data transfers in Europe.
Following the Schrems II decision in July 2020, organisations relying on the standard contractual clauses (SCCs) or...more
A ruling by the EU’s top court invalidates the key mechanism for transferring personal data from the EU to the US and imposes additional conditions for use of the standard contractual clauses.
On 16 July 2020, the Court of...more
After the recent two-year anniversary of the GDPR, one fundamental question remains — who does the GDPR apply to?
Last month marked the two-year anniversary of the General Data Protection Regulation (GDPR), but its...more
Update confirms the introduction of an active “duty of care” and a dedicated regulator, as part of a comprehensive new online regulatory regime.
Following a wave of commentary from industry, the social sector, and other...more
2/21/2020
/ Digital Services ,
Duty of Care ,
Enforcement ,
EU ,
EU Directive ,
Likelihood of Harm ,
New Regulations ,
Online Platforms ,
Public Communications ,
Regulatory Standards ,
Social Networks ,
UK ,
White Papers
“Business as usual” for UK-EU data protection transition in 2020.
On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January...more
2/14/2020
/ Corporate Counsel ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Transitional Arrangements ,
UK ,
UK Brexit ,
Withdrawal Agreement
Data protection violations may result in German authorities imposing significantly increased fines.
The Conference of the German Data Protection Authorities (DSK) ? the joint body of the German data protection authorities...more
10/4/2019
/ Administrative Proceedings ,
Calculation of Penalties ,
Corporate Counsel ,
Corporate Fines ,
Data Breach ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
Risk Management
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
Das ICO kündigt an, Bußgelder gegen British Airways und Marriott zu verhängen. Was ist passiert, wie geht es weiter?
Am 8. Juli 2019 kündigte das Information Commissioner’s Office (ICO) an, gegen British Airways wegen...more
Companies should act now to prepare for the full implementation of the MDR and IVDR.
On 26 May 2020, Regulation (EU) 2017/745 on medical devices (MDR) will become fully active, reflecting an overhaul of the current...more
The guidance provides helpful clarity on key regulatory changes impacting life sciences companies in the event of a no-deal Brexit.
The UK Medicines and Healthcare products Regulatory Agency (MHRA) has published a...more
4/4/2019
/ Article 50 Treaty of the EU ,
EU ,
European Economic Area (EEA) ,
Health Care Providers ,
Healthcare ,
Life Sciences ,
Medicines and Healthcare Products Regulatory Agency (MHRA) ,
New Guidance ,
New Legislation ,
No-Deal Brexit ,
Pharmaceutical Industry ,
Time Extensions ,
UK ,
UK Brexit ,
Withdrawal Agreement
European regulators are expected to align their processes and guidance to accommodate the EDPB’s recommended approach to processing special categories of personal data.
In January, the European Data Protection Board (EDPB)...more
Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal.
“No Deal” Brexit -...more
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation.
The UK government moved closer to implementing the Security of Network and Information Systems...more
As European data protection regulators prepare to enforce the General Data Protection Regulation (GDPR) from May 2018, private equity firms must act to minimise the risk of becoming financially liable for the data protection...more
12/14/2017
/ Antitrust Provisions ,
Corporate Liability ,
Data Breach ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Portfolio Companies ,
Private Equity ,
UK
The Article 29 Working Party (WP29), an independent European advisory body on data protection and privacy released the results of their first review of the EU-US Privacy Shield on Wednesday (6 December 2017). The WP29 has...more
The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory...more
On October 3, 2017, the Irish High Court announced that it will make a reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the validity of the Standard Contractual Clauses, which allow...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
6/2/2017
/ CNIL ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Multinationals ,
UK ,
UK Brexit ,
UK Data Protection Act
The General Data Protection Regulation (GDPR or Regulation) will become applicable in one year, as of May 25, 2018. A lot has happened since we set out the key provisions of the Regulation last year....more
On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data...more
State of the European Union address on September 14 reveals European Commission’s next proposed steps in its Digital Single Market initiative.
Jean-Claude Juncker announced the results of the European Commission’s (the...more
The Commission’s proposals aim to reform EU Copyright laws as part of its package of proposals towards an EU Digital Single Market.
On 14 September 2016 the European Commission (the Commission) adopted new proposals for...more
After over four years of debate, the General Data Protection Regulation (GDPR) recently came into force, taking effect after a two year transition period, i.e. from 25 May 2018. The GDPR introduces a rigorous and far-reaching...more