Alston & Bird Privacy, Cyber & Data Strategy Blog

Paul Greaves

Attorney Paul Greaves

About Paul Greaves

Paul Greaves advises on all aspects of privacy, cyber, and data law across a diverse range of clients - from global technology firms to life sciences startups expanding into Europe. His extensive experience includes advising on EU and UK GDPR compliance projects, cross-border data transfers, and personal data breaches.

[Read Bio]

European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act

By , and

On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), including IoT devices, hardware components, and certain software.  It becomes fully applicable on December 11, 2027, with […]

New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

By , and

On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can take many forms including IoT devices, hardware components, and certain software. The CRA imposes cybersecurity obligations in connection […]

The EU Digital Omnibus: A European Data Law Shake-Up May Be Coming

By , and

On November 19, the European Commission (EC) released its EU Digital Omnibus proposal – a 153-page document accompanied by an explanatory memorandum and a Staff Working Document. This proposal introduces amendments, deletions, and replacements to several cornerstone EU digital laws, including: The GDPR. The Data Act. The AI Act. The ePrivacy Directive. Other instruments such […]

European Commission Moves to Extend Free Flows of Personal Data to the UK

By and

On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK to continue until December 2025. The existing adequacy decision – which was adopted in 2021 in […]

What to Tell Your C-Suite About the EU AI Act

By and

On July 12, 2024, the European Union’s long-awaited Artificial Intelligence Act (AI Act) was finally published. It will enter into force on the twentieth day following its publication; i.e., on August 1, 2024. The AI Act is a landmark legal framework that imposes obligations on both private and public sector actors that develop, import, distribute, […]