Alston & Bird Privacy, Cyber & Data Strategy Blog

UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework

By and

On 21 September 2023, the UK Government adopted the Data Protection (Adequacy) Regulations 2023, also referred to as the “UK-U.S. Data Bridge”. The UK-U.S. Data Bridge will allow companies to legitimately transfer personal data from the UK to the U.S. on the basis of the recently enacted EU-U.S. Data Privacy Framework (“DPF”). The UK Government decided to facilitate data flows from the UK to the U.S. by taking advantage of the existing DPF and establishing a UK extension to the DPF. The DPF … [Read more] about UK Government Makes a Bridge to The EU-U.S. Data Privacy Framework

California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity

By , and

In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed … [Read more] about California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity

NIST Cybersecurity Framework 2.0 Released for Public Comment

By , and

On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant update to the NIST … [Read more] about NIST Cybersecurity Framework 2.0 Released for Public Comment

Why the New EU-U.S. Data Privacy Framework May Be Good News for Life Sciences Companies in the U.S.

By

BACKGROUND U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the EU. This can be the case … [Read more] about Why the New EU-U.S. Data Privacy Framework May Be Good News for Life Sciences Companies in the U.S.