Alston & Bird Privacy, Cyber & Data Strategy Blog

September 27 Deadline Looming for EU Standard Contractual Clauses

September 15, 2021 By Wim Nauwelaerts

On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the EU GDPR) to controllers or processors outside the EU/EEA (and not subject to the EU GDPR). The modernized SCCs will replace the three sets of SCCs that were adopted under the predecessor of the EU GDPR - Data Protection Directive 95/46/EC - with effect from … [Read more] about September 27 Deadline Looming for EU Standard Contractual Clauses

California Privacy Protection Agency Board Meets to Review the CPRA Rulemaking Process

September 14, 2021 By Privacy & Data Security Team

On September 7 and 8, 2021, the California Privacy Protection Agency (“CPPA”) Board held a public virtual meeting regarding the rulemaking process under the California Privacy Rights Act (“CPRA”). The Board indicated that it expects to initiate … [Read more] about California Privacy Protection Agency Board Meets to Review the CPRA Rulemaking Process

UK Unveils Post-Brexit Data Plans with an Emphasis on International Transfers of Personal Data

August 26, 2021 By Paul Greaves

Today, the UK Department of Digital, Culture, Media and Sport (“DCMS”) has made a series of announcements shedding light on the UK’s post-Brexit data strategy. The announcements – which emphasize the importance of international transfers of personal … [Read more] about UK Unveils Post-Brexit Data Plans with an Emphasis on International Transfers of Personal Data

EDPB reports on EU Data Protection Authorities’ resources and enforcement actions

August 23, 2021 By Yung Shin Van Der Sype and Wim Nauwelaerts

Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources … [Read more] about EDPB reports on EU Data Protection Authorities’ resources and enforcement actions

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require … [Read more] about Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC