At the end of 2022, the European Commission published its draft adequacy decision on the EU-US transfers of personal data. The draft contains an assessment of the US legal framework around state surveillance. Once in place, EU data transfers to…

On 17 November 2022, the UK Information Commissioner’s Office issued updated guidance on international personal data transfers.  The guidance is to be used for transfers of personal data from the UK to third countries. The ICO added a template…

On 24 November 2022, the Data Protection (Adequacy) (Republic of Korea) Regulations were laid before the UK parliament for approval. The Regulations are due to come into force on 19 December 2022.  From then onwards, transfers of personal data to…

The National Cyber Security Centre (“NCSC“) has published guidance for medium and large organisations on how to assess and improve cyber security in their supply chains.  The guidance is a supplement to the NCSC’s supply chain principles. …

On October 26, 2022, the Securities and Exchange Commission (SEC) issued a new rule proposal that would prohibit registered investment advisers (IAs) from outsourcing certain services without satisfying due diligence, monitoring and reassessment requirements.…

On 28 September 2022, the European Commission published the proposed AI Liability Directive. The Directive joins the Artificial Intelligence (AI) Act (which we wrote about here) as the latest addition to the EU’s AI focused legislation. Whilst the…

A recent £4.4m fine imposed by the ICO in October 2022 reveals its views on the responsibility of the parent company, senior management, and financial investments in organisations’ security standards to prevent cyber attacks.…