Tag archives: data protection authority

German M&A Deals: Share Deals Remain the Only Secure Way to Transfer All Customer Data

Data Protection Report - Norton Rose FulbrightThe German data protection authorities, acting as the German data protection conference (Datenschutzkonferenz), recently published guidance on how to transfer customer data in an asset deal. The guidance runs through various scenarios. In most cases, a bulk transfer of all customer data is not permitted. Further, the guidance makes no mention of, or allowance for, … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report - Norton Rose FulbrightFollowing the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

Privacy Shield Update: EU Member States Approve Amended Framework

Data Protection Report - Norton Rose FulbrightOn July 8, 2016, European Member States approved the proposed EU-US Privacy Shield framework, with four Member States – Austria, Bulgaria, Croatia, and Slovenia – reportedly abstaining. Before the framework can be implemented, formal approval by the European Commission is required. Although the European Commission has yet to formally release a copy of the revised … Continue reading

Details of Privacy Shield published

Data Protection Report - Norton Rose FulbrightOn February 29, 2016, the European Commission published the documents comprising the new EU-U.S. Privacy Shield, the adoption of which we previously covered on our blog. In the Commission’s opinion, the new framework reflects the requirements set forth by the European Court of Justice in the Schrems ruling, which invalidated the U.S.-EU Safe Harbor framework. The … Continue reading

German Data Protection Authorities Suspend BCR approvals, question Model Clause transfers

Data Protection Report - Norton Rose FulbrightFollowing on from the EU Article 29 Working Party Statement of 16 October 2015, the Conference of the German Data Protection Authorities – (“DPAs”) has today issued guidance (referred to as a Position Paper) on the consequences of the CJEU decision in the Schrems case (Case C-362/14).… Continue reading

Russian data protection authority explains data localization law; says cross-border transfer still permitted

Data Protection Report - Norton Rose FulbrightRussia’s data protection authority, Roscomnadzor, has held a number of meetings with business associations to respond to the wave of questions that have arisen about the interpretation and application of Russia’s personal data localization law. The law, which enters into force on September 1, 2015, requires that an operator, while collecting personal data, ensures the recording, … Continue reading
LexBlog