Recent cases have highlighted the continued tensions between the GDPR and U.S. demands for discovery in the context of U.S. litigation and investigations. This issue can present a real concern for companies operating on both sides of the pond seeking to comply with obligations on either side. Whilst the GDPR provides EU citizens with valuable protections on the processing and cross-border transfer of their data, it is not an automatic shield from the demands of…

Beginning in November 2020, the Department of Defense (DoD) has confirmed that new solicitations will include the new Cybersecurity Maturity Model Certification (CMMC). Despite the impact of COVID-19, this confirmation indicates that the DoD is intent upon ensuring the protection of certain critical information and shoring up protection of its critical networks and supply chain. Defense contractors should prepare for the new compliance requirements, including on the new measurement levels on the accreditation for assessors.…

At the end of 2019, the UK Prudential Regulation Authority (PRA) released its consultation paper (link here) setting out its proposals on a regulatory framework to modernise outsourcing and third-party risk management. The original deadline for responding to the proposals was 3 April 2020, but this has now been extended to 1 October 2020, which was announced as part of the Bank of England’s and the PRA’s measures to respond to the economic shock…

On 12 June 2020, the UK’s Information Commissioner’s Office (ICO) issued new guidance for organisations on the coronavirus (COVID-19) recovery phase (Guidance). The Guidance (available here) forms part of the ICO’s wider data protection and coronavirus information hub (available here) which aims to help organisations navigate data protection during this unprecedented time. The new Guidance comes as the lockdown measures start to ease and businesses begin to reopen. It sets out six key…

The Information Commissioner’s Office (ICO) has updated its guidance on access requests and whether such requests are manifestly unfounded or excessive, providing further clarification to the definitions in the guidance and on how data controllers should respond to such requests. We summarise the key points below. Background A data subject has rights under the Data Protection Act 2018 to send requests to the data controller pertaining to their personal data, for example: the right of…

On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore. Technical Reference 76 serves as a practical reference for e-retailers and online marketplaces. The guidelines cover a wide range of functions, from the pre-purchase activities of browsing and selection,…

Background In light of the growing concern over cybersecurity and the increasing complexity of medical device supply chains, the Medical Device Coordination Group has released updated guidance on cybersecurity for medical devices (the Guidance) (link here). The Guidance is intended to supplement the essential requirements listed in Annex I of the Medical Devices Regulations (Regulations 745/2017 and 746/2017) (link here). We have summarised below the key points in this Guidance. Key points The…