Background On April 4th, 2023, the European Data Protection Board (‘EDPB’), which is composed of representatives of the EU national supervisory authorities and the European Data Protection Supervisor (‘EDPS’), published an updated version of the Working Party 29 Guidelines on personal data breach notification under the EU General Data Protection Regulation (‘GDPR’). The EDPB had […]
GDPR
The EU Supervisory Authorities’ Coordinated Enforcement Action in the EU: This Year It’s All About DPOs
On March 15, 2023, the European Data Protection Board (“EDPB”) – the body through which the EU Member States’ Supervisory Authorities cooperate – along with 26 EU Supervisory Authorities officially launched a “coordinated enforcement action”, focusing on the designation of Data Protection Officers (“DPOs”) under the EU GDPR, and the position that DPOs hold in […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]
EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield
On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]
Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]