China’s Cyber Security Law (CSL), enacted in 2016, requires operators of critical information infrastructure (CII) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated
Germany’s highest civil court, the Federal Court Of Justice (Bundesgerichtshof, the FCJ), has just published a decision specifying the scope of data subject access requests (DSARs). The FCJ held that Article 15 of the EU General Data
As part of its global strategy to ensure compliance with its new cookies mandatory guidelines, and as announced in its priority control themes for 2021, in May 2021 the CNIL issued formal notices to over twenty organizations (including international actors
The European Commission (EC) signalled plans for a new Data Act, to be published in late 2021, in its February 2020 Data Strategy Communication. The EC revealed more details in its 2021 Consultation and Inception Impact Assessment. The
The European Commission has today published a positive adequacy finding in respect of the UK’s data protection regime (the Decision). This means that personal data can continue to flow freely from the EU to the UK without the need
On 21 June 2021, the European Data Protection Board (EDPB) published its finalised version of the Recommendations on supplementary measures (the Recommendations) to assist companies comply with the Schrems II judgement.
This comes just a couple
On Friday 4 June, the European Commission published the finalised version of the new Standard Contractual Clauses for transferring personal data from the EU to third countries (the New SCCs). Privacy professionals have been waiting for the New SCCs for
The European Commission has today published the finalised version of the new Standard Contractual Clauses (the new SCCs). The purpose of the new SCCs are to help companies legalise transfers of personal data from outside of the EEA. They
The Hong Kong Government is proposing amendments to the Personal Data (Privacy) Ordinance (the “PDPO”) to combat doxxing acts. On 17 May 2021, the Constitutional and Mainland Affairs Bureau (the “CMAB”) published a discussion paper on
On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. (NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.