While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
It’s the turn of South-East Asian countries to update their data protection laws. Here is our summary of the proposed new data protection laws in Vietnam, Malaysia and Indonesia. Organisations are advised to update their data...more
The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
On 19 September 2024, the Belgian Data Protection Authority (DPA) issued new Guidance on the interplay between the recently adopted EU Regulation on Artificial Intelligence (the AI Act) and the General Data Protection...more
يُعد نظام حماية البيانات الشخصية (النظام) أول نظام شامل لحماية البيانات في المملكة العربية السعودية. من المتوقع أن تبدأ الهيئة السعودية للبيانات والذكاء الاصطناعي (الهيئة) في الإنفاذ الكامل للنظام اعتبارًا من 14 سبتمبر 2024،...more
The European Union’s (EU) General Data Protection Regulation (GDPR) has been in effect since May 2018. The law’s goal of protecting EU citizens’ personal information and privacy seems to be coming into fruition. In the past,...more
The European Data Protection Supervisor, the independent European Union authority responsible for data protection regulatory oversight, issued a preliminary opinion on data protection and scientific research. The Opinion...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ——— (b) Relevant legislation includes: ...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ———...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ——— (b) Relevant legislation...more
The European Data Protection Board ("EDPB") has published guidelines on the use of the certification mechanism under the GDPR. Certifications are intended to help businesses provide evidence of compliance with the GDPR. The...more
Why does this topic matter to organisations? National Data Protection Authorities ("DPAs") are appointed to implement and enforce data protection law, and to offer guidance. As set out in Chapter 16, DPAs have significant...more
Whom to suspend during any Foreign Corrupt Practices Act (FCPA) investigation is always a delicate question to answer. Unfortunately there is never an easy answer. As the Volkswagen (VW) emission-testing scandal continues to...more
For the past 15 years, the EU-U.S. Safe Harbor Framework has been one of the most popular data transfer mechanisms for organizations that engage in cross-border transfers of EU personal data to the United States. In the...more
The European Court of Justice’s (CJEU) recent decision striking down the EU-US Safe Harbor framework has created significant marketplace uncertainty and left companies scrambling for alternative cross-Atlantic data transfer...more
Today, I wrap up my series on why I think compliance is at the Tipping Point. However as it is a Friday in October, I continue my tribute to the Man in the Shadows, producer Val Lewton, whose films for RKO had some of the...more
I continue my exploration of why I believe that compliance is at the Tipping Point, with today’s entry of data point four, which is last week’s decision by the European Court of Justice (ECJ) in the Schrems case. While most...more
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
Following the ECJ’s decision in the “Schrems” case which has invalidated the Safe Harbor framework multinational corporations may now face profound privacy law related compliance issues in a multitude of jurisdictions. In the...more
It’s the second Friday in October and I am continuing my HorrorFest month. I usually call it Monster Movie Fest but this year I am celebrating the films of Val Lewton who really worked more broadly in the horror genre, rather...more