EDPB Provides Clarity and Raises New Questions with Publication of Final Guidelines on the Territorial Scope of the GDPR

Following an extensive public consultation, the European Data Protection Board (“EDPB”) has published a final version of its guidelines on the territorial scope of the GDPR (“Guidelines”). This comes almost one year after the draft guidelines were originally published. Please read this blog together with our previous blog on the draft guidelines, as this blog addresses only the key differences between the draft guidelines and the Guidelines.


Fund Managers Targeted in Sophisticated Cyberattacks

In 2019 there has been a spike in targeted cyberattacks against Asia-based fund managers, especially those in a startup phase of business. Regulators worldwide, including the Securities and Futures Commission of Hong Kong, have issued guidelines for reducing and mitigating hacking risks. This post summarizes the practical measures that may be adopted to protect your firm against cyberattacks and the keys to successful crisis management in the event that an unauthorized data breach occurs.


German DSK Issues GDPR Fining Methodology Guidelines

Recently, the Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). The Fining Methodology comes at a time when GDPR enforcement action across the EU has increased significantly over the past year. The European Data Protection Board (“EDPB”) reported a total of 281,088 national enforcement actions being initiated as of May 22, 2019 (approximately one year after the GDPR’s entry into application). Since then, data protection authorities across the EU have been initiating enforcement and fines on a daily basis. In particular, in the UK, the Information Commissioner’s Office (“ICO”) has issued two notices of intention to fine of €114m and €215m for failure to implement appropriate data security measures.


Federal Banking Agencies Release Joint Statement on Use of Alternative Data for Credit Underwriting

On December 3, 2019, the five federal banking agencies issued a joint statement (the “Joint Statement”) regarding the use of alternative data for credit underwriting. The Agencies highlighted potential benefits that may arise from the use of alternative data, including the ability to make faster and more accurate credit determinations and the potential to provide credit at a lower rate or to individuals or small businesses that would otherwise be unable to access it. While the Agencies issued approving language regarding the use of certain types of alternative data, they also cautioned that the use of alternative data may have consumer protection implications, including fair lending, prohibitions against unfair, deceptive or abusive acts or practices and the Fair Credit Reporting Act.


European Data Protection Board Adopts Data Protection by Design and by Default Guidelines

On 13 November 2019, the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle (“Guidelines”). The Guidelines provide further guidance on the technical and organizational measures and safeguards that data controllers must take into account when designing their processing activities. The EDPB encourages early consideration of data protection by design and by default principles (“DPbDD”) and considers DPbDD to be at the forefront of GDPR compliance. Data controllers, processors and technology providers should consider re-assessing their processing operations and products against the standards put forward in the Guidelines.


EDPB Stakeholder Event Highlights Continued Confusion over Data Subject Rights Compliance under the GDPR

On 4 November 2019, the European Data Protection Board (EDPB), the EU-wide data supervisory authority, held a stakeholders’ event on data subject rights under the GDPR. At the event, various stakeholders, including corporates and NGOs, raised a number of issues including, for example:
