Category

GDPR

19 September 2017

European Commission prioritizes cybersecurity, GDPR compliance and free flow of data

On 13 September 2017, the European Commission presented its draft work program for the next sixteen months up to the end of 2018.  In addition to boosting jobs, growth and investments, the European Commission’s main priority is to improve and strengthen the Single Digital Market, where individuals as well as businesses can seamlessly access and exercise online activities under conditions of fair competition and a high level of consumer and personal data protection.  With that objective in mind, the European Commission plans to launch the following initiatives between now and the end of 2018:

(more…)

SHARE
EmailPrintShare
21 July 2017

The Belgian Data Protection Authority Publishes Guidance on Records of Processing Activities Under the GDPR

The Belgian Commission for the Protection of Privacy (“Privacy Commission”) has recently published guidance on Article 30 of the GDPR which contains the obligation for data controllers and processors to record their processing activities.

This record will have to be up-to-date by 25 May 2018 and readily made available to the regulator should it ask to view it. (more…)

SHARE
EmailPrintShare
07 July 2017

BBC Publishes Article Describing GDPR Panic Among Businesses

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force. (more…)

SHARE
EmailPrintShare
09 May 2017

Sidley’s Third Annual Privacy and Cybersecurity Roundtable

On April 18 in the DC office, Sidley hosted the firm’s third annual Privacy and Cybersecurity Roundtable for over 70 clients. Speakers included a senior representative of the European Data Protection Supervisor, senior officials from the Office of the New York State Attorney General and the Federal Trade Commission, legal, policy and compliance leaders from Facebook and Gannett, along with several members of the firm’s privacy, securities law and governance groups. (more…)

SHARE
EmailPrintShare
03 May 2017

New German Federal Data Protection Act Passed by German Parliament; Provisions Could Conflict with GDPR Undermining Uniformity

On 27 April 2017 the German Parliament passed the new Federal Data Protection Act (the Bundesdatenschutzgesetz or “new BDSG”) which from 25 May 2018 will replace the current German Data Protection Act. The new BDSG adapts German law in line with the EU’s new General Data Protection Regulation (the “GDPR”). The GDPR has direct effect in EU members states, but it allows member states to pass legislation which supplements the GDPR but is consistent with it.

(more…)

SHARE
EmailPrintShare
30 March 2017

Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules

On February 2, the Italian Data Protection Authority, known as the “Garante,” imposed a fine of EUR 5,880,000 on a UK money transfer company that it found to be in violation of Italian data privacy rules. This is the largest ever publicly-known fine imposed by an EU data protection authority, and it approaches the level of fines that are likely to be imposed under the EU’s General Data Protection Regulation (“GDPR”) that will come into force in May 2018. Although the GDPR is not yet in force, the Garante’s enforcement action shows that European data protection authorities are willing to levy the kind of fines allowed by the GDPR.

(more…)

SHARE
EmailPrintShare
22 March 2017

SURVEY TO BENCHMARK CYBERSECURITY COMPLIANCE

Cybersecurity compliance is becoming increasingly complicated with multiple regulators across the globe weighing in on your legal requirements to manage cyber risk. If you have wondered how others are approaching their compliance strategy, you are not alone.

You are invited to participate in a brief survey regarding your business’s approach to cybersecurity legal requirements. Specifically, the purpose of this survey is to learn how businesses like yours are responding to cybersecurity legal requirements under the European Union’s General Data Protection Regulation (GDPR) and Network and Information Security Directive (NIS Directive). In particular, we are interested in whether and if so, how businesses in the U.S. and the EU and elsewhere are applying the U.S. National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity to comply with these EU cybersecurity requirements.  Understanding which standards business are applying in order to comply with these requirements could be helpful in encouraging consistency of cybersecurity frameworks in the U.S., the EU and other regions.

Please use the link provided below to access the survey which will take very few minutes to complete. We plan to publish the results in approximately six weeks. Please note that no individuals or specific businesses will be identified in any published results without their express consent.

CLICK HERE to begin the survey.

Thank you for your participation.

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator