Data protection violations may result in German authorities imposing significantly increased fines.
The Conference of the German Data Protection Authorities (DSK) ? the joint body of the German data protection authorities...more
10/4/2019
/ Administrative Proceedings ,
Calculation of Penalties ,
Corporate Counsel ,
Corporate Fines ,
Data Breach ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
Risk Management
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
Das ICO kündigt an, Bußgelder gegen British Airways und Marriott zu verhängen. Was ist passiert, wie geht es weiter?
Am 8. Juli 2019 kündigte das Information Commissioner’s Office (ICO) an, gegen British Airways wegen...more
The proposals would grant consumers increasing rights to require providers to share access to their data directly with chosen third parties.
The UK government has released a consultation advocating the introduction of...more
8/2/2019
/ BEIS ,
Consultation ,
Data-Sharing ,
Digital Marketplace ,
Financial Services Industry ,
Open Banking ,
Personal Data ,
Portability ,
Social Networks ,
Third-Party ,
UK
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
Companies should act now to prepare for the full implementation of the MDR and IVDR.
On 26 May 2020, Regulation (EU) 2017/745 on medical devices (MDR) will become fully active, reflecting an overhaul of the current...more
UK publishes White Paper with hard-hitting regulatory proposals to tackle online harms.
On 8 April 2019, the Home Office and the Department for Culture, Media and Sport (DCMS) published an “Online Harms White Paper”,...more
4/11/2019
/ Child Abuse ,
Civil Liability ,
Corporate Counsel ,
Criminal Liability ,
Duty of Care ,
E-Commerce ,
Enforcement Authority ,
Exploitation ,
Online Platforms ,
Privacy Laws ,
Regulatory Agenda ,
Social Networks ,
Terrorist Threats ,
UK ,
UK Data Protection Act ,
White Papers
The guidance provides helpful clarity on key regulatory changes impacting life sciences companies in the event of a no-deal Brexit.
The UK Medicines and Healthcare products Regulatory Agency (MHRA) has published a...more
4/4/2019
/ Article 50 Treaty of the EU ,
EU ,
European Economic Area (EEA) ,
Health Care Providers ,
Healthcare ,
Life Sciences ,
Medicines and Healthcare Products Regulatory Agency (MHRA) ,
New Guidance ,
New Legislation ,
No-Deal Brexit ,
Pharmaceutical Industry ,
Time Extensions ,
UK ,
UK Brexit ,
Withdrawal Agreement
European regulators are expected to align their processes and guidance to accommodate the EDPB’s recommended approach to processing special categories of personal data.
In January, the European Data Protection Board (EDPB)...more
The CNIL decision handed down on 21 January 2019, which cites violations of several GDPR obligations, provides important insights for groups wishing to benefit from the “one-stop-shop mechanism”.
The Complaints -
Not...more
1/24/2019
/ Advertising ,
Android ,
CNIL ,
Data Processors ,
Data Protection Authority ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
Personal Data ,
Privacy Policy ,
Schrems I & Schrems II ,
Security and Privacy Controls
Understanding the practical implications of a “No Deal” Brexit (as compared to an exit under an approved Withdrawal Agreement) following last week’s vote against the current withdrawal proposal.
“No Deal” Brexit -...more
The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations.
The National Cyber Security Centre (NCSC) has published introductory guidance for operators of...more
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation.
The UK government moved closer to implementing the Security of Network and Information Systems...more
With the assistance of colleagues across the European Union (EU), Latham & Watkins has updated its GDPR National Implementation Tracker.
With just over three months to go until the GDPR go-live date on May 25, 2018,...more
As European data protection regulators prepare to enforce the General Data Protection Regulation (GDPR) from May 2018, private equity firms must act to minimise the risk of becoming financially liable for the data protection...more
12/14/2017
/ Antitrust Provisions ,
Corporate Liability ,
Data Breach ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Portfolio Companies ,
Private Equity ,
UK
The Article 29 Working Party (WP29), an independent European advisory body on data protection and privacy released the results of their first review of the EU-US Privacy Shield on Wednesday (6 December 2017). The WP29 has...more
Amid a growing number of high-profile corporate data breaches, cybersecurity is now a key issue for strategic acquirers. Thehack of Yahoo, which came to light midway through its 2016 takeover by Verizon, resulted in a US$350...more
The EU General Data Protection Regulation (GDPR) will come into force in May 2018, changing how businesses and the public sector manage customer information. With seven months before the deadline, governments, supervisory...more
On October 3, 2017, the Irish High Court announced that it will make a reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling on the validity of the Standard Contractual Clauses, which allow...more
Her Majesty’s Government last week published a position paper outlining its preferred post-Brexit landscape for data protection. The high-level takeaways are hardly surprising: the government stresses that it intends to...more
The Federal Law No. 87-FZ of May 1, 2017, on Amendments to the Federal Law on Information, Information Technologies, and Information Protection (the Law) came into force on July 1, 2017. The Law introduces the definition of...more
Cybercrime has become a critical issue for buyout firms as hackers are increasingly targeting sensitive business data to profit from insider knowledge. According to a Private Funds Management survey of 91 PE houses, 54% of PE...more
The State Duma, Russia’s lower chamber of Parliament, has adopted amendments to the Federal Law on Information, Information Technologies and Information Protection of the Russian Federation (the Law) in its first reading....more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
6/2/2017
/ CNIL ,
Data Controller ,
Data Processors ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Multinationals ,
UK ,
UK Brexit ,
UK Data Protection Act