Latest Articles

Article 35(4) of the EU General Data Protection Regulation (“GDPR”) states that the supervisory authorities of the EU Member States (“SAs”) shall establish, publish and communicate to the European Data Protection Board (“EDPB”) a list of processing operations that are subject to a requirement for a data protection impact assessment (“DPIA”) under the GDPR.…
On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back the Privacy Shield. In particular, the finding that the United States continues to ensure an adequate level of protection for…
While the GDPR compliance clock is ticking for companies, EU Member States have also been preparing for the implementation of the General Data Protection Regulation (“GDPR”) which will become enforceable on May 25, 2018. The GDPR will be directly applicable in all EU Member States without the need for implementing national laws. However, apart from the need to establish the supervisory authority, the GDPR provides Member States with the possibility to introduce more specific rules…
Over the past two years, we have been assisting clients from all sectors to prepare for the implementation of the General Data Protection Regulation (“GDPR”), which will become enforceable on May 25, 2018.  Whilst many companies are racing full throttle to be fully compliant by May 2018, others are just about to start the process or are still questioning whether they need to do anything. In the following we highlight five recurring key issues that companies of…
On 13 September 2017, the President of the European Commission, Jean Claude Juncker, announced during his State of the Union address the intention to propose new legislative measures that will boost the cybersecurity resilience within the EU. Following the President’s speech, the European Commission published the following initiatives: a proposal for a Cybersecurity Act Regulation and Annex establishing an “EU Cybersecurity Agency”; an implementation toolkit for the Network and Information Security Directive; and a report
On 13 September 2017, in the context of the Digital Single Market Initiative, the European Commission (“Commission”) issued a draft proposal to regulate the framework for the free flow of non-personal data in the EU (“draft proposal”). The highly anticipated draft proposal aims at establishing a framework of free cross-border data flow within the EU. In an attempt to build a European data economy, the draft proposal seeks to create a competitive market for data…
The European Commission today published its formal proposal for a new regulation on e-Privacy (“ePR”), following publication of a leaked draft in late December 2016. The Commission also issued a communication on “Exchanging and Protecting Personal Data in a Globalised World”, a communication on “Building a European Data Economy” and a proposal for a Data Protection Regulation applicable to the EU institutions, as part of its Digital Single Market strategy. The proposed ePR is intended…
On December 16, 2016, the Article 29 Data Protection Working Party (“WP29”) published guidelines and FAQs on the forthcoming General Data Protection Regulation (the “GDPR”) addressing the following three key issues: Data Protection Officers (“DPOs”) (WP 243) The right to “data portability” (WP 242) The identification of the lead supervisory authority (WP244) The published guidelines are based on input from various stakeholders, including the workshop (Fablab) that the WP29 organised in July 2016 (for the…