Category

International

21 July 2017

The Belgian Data Protection Authority Publishes Guidance on Records of Processing Activities Under the GDPR

The Belgian Commission for the Protection of Privacy (“Privacy Commission”) has recently published guidance on Article 30 of the GDPR which contains the obligation for data controllers and processors to record their processing activities.

This record will have to be up-to-date by 25 May 2018 and readily made available to the regulator should it ask to view it. (more…)

SHARE
EmailPrintShare
07 July 2017

BBC Publishes Article Describing GDPR Panic Among Businesses

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force. (more…)

SHARE
EmailPrintShare
13 June 2017

China Food and Drug Administration Announces Penalties for Clinical Trial Data Integrity Violations

On May 24, 2017, the China Food and Drug Administration (CFDA) issued its [2017] Circular No. 63 (the Circular), setting out penalties for clinical trial data integrity violations, including intentional data falsification, incomplete and incompliant data and other data defects. The highlights are: (more…)

SHARE
EmailPrintShare
01 June 2017

English High Court Limits Scope of Privilege for Documents Generated During the Course of Internal Investigations

The English High Court recently handed down a judgment which limits the circumstances in which companies will be able to assert legal professional privilege in documents created as part of an internal investigation into potential criminal activity. The Court ruled that a claim for litigation privilege in the context of a criminal investigation will only be valid where, at the time that the relevant documents were created, the prospective defendant has sufficient knowledge about the matter to believe that there is a realistic prospect that a prosecutor will have enough material to proceed with a prosecution. The belief that a prosecutor will commence an investigation into a company is not sufficient to establish a claim for litigation privilege. The judge’s narrow interpretation of legal advice privilege also means that notes of interviews with employees will generally not attract privilege unless they provide “clues” as to aspects of legal advice given to the company. (more…)

SHARE
EmailPrintShare
30 May 2017

Money Laundering Regulations 2017: Preparing for the UK’s New Customer Due Diligence Regime

The UK is expected to introduce its updated customer due diligence regime with effect from June 26 or shortly thereafter. The changes are wide-ranging and will affect virtually all financial services firms doing business in the UK.

The Government has published a near-final draft of the new legislation. To the extent they’ve not already started, affected firms should be planning for the changes that will be required to their existing policies, procedures and systems.

In this post, we highlight the key issues for financial services firms, and propose a series of action points that they may wish to consider over the next month as they move to implement the new requirements. (more…)

SHARE
EmailPrintShare
18 May 2017

Responding to WannaCry

*This post was originally distributed as a privacy and cybersecurity client alert on Monday, May 15, 2017.  Sign up for our privacy and cybersecurity distribution list here.

As you likely will have heard, there is an ongoing major cyber-attack involving the WannaCry ransomware. It is affecting businesses across the world and across sectors, including financial services firms, healthcare entities and even manufacturers. We are actively advising clients on cybersecurity matters, and we have recently guided clients through ransomware attacks. We have also recently authored a major report on improving transatlantic cybersecurity in collaboration with the US Chamber of Commerce.

Following the WannaCry attack, many companies and their counsel will need to consider and coordinate the following: (more…)

SHARE
EmailPrintShare
03 May 2017

New German Federal Data Protection Act Passed by German Parliament; Provisions Could Conflict with GDPR Undermining Uniformity

On 27 April 2017 the German Parliament passed the new Federal Data Protection Act (the Bundesdatenschutzgesetz or “new BDSG”) which from 25 May 2018 will replace the current German Data Protection Act. The new BDSG adapts German law in line with the EU’s new General Data Protection Regulation (the “GDPR”). The GDPR has direct effect in EU members states, but it allows member states to pass legislation which supplements the GDPR but is consistent with it.

(more…)

SHARE
EmailPrintShare
17 April 2017

EU Lawmakers Say That Privacy Shield Deficiencies Must Be Fixed Urgently

On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules. (more…)

SHARE
EmailPrintShare
30 March 2017

Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules

On February 2, the Italian Data Protection Authority, known as the “Garante,” imposed a fine of EUR 5,880,000 on a UK money transfer company that it found to be in violation of Italian data privacy rules. This is the largest ever publicly-known fine imposed by an EU data protection authority, and it approaches the level of fines that are likely to be imposed under the EU’s General Data Protection Regulation (“GDPR”) that will come into force in May 2018. Although the GDPR is not yet in force, the Garante’s enforcement action shows that European data protection authorities are willing to levy the kind of fines allowed by the GDPR.

(more…)

SHARE
EmailPrintShare
1 2 3 15