Paul Greaves

About Paul Greaves

Paul Greaves is a senior associate in the Brussels office and a member of Alston & Bird’sPrivacy, Cyber & Data Strategy Team. Paul’s privacy, information technology, and data protection practice includes a focus on compliance with the General Data Protection Regulation, ePrivacy rules, and cross-border data transfers.

[Read Bio]

UK Information Commissioner’s Office Issues Warning on Ransomware Payments

July 13, 2022 By Paul Greaves

On July 8, 2022, the UK Information Commissioner’s Office (UK ICO) together with the UK National Cyber Security Centre (NCSC), published a joint letter asking the Law Society of England & Wales to remind its members that they should not advise clients to pay ransomware demands should they fall victim to a cyber-attack. The Law […]

EDPB Issues Draft Guidelines on the Calculation of Administrative Fines

May 19, 2022 By Yung Shin Van Der Sype and Paul Greaves

On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]

EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield

March 25, 2022 By Paul Greaves and Wim Nauwelaerts

On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]

EDPB Issues Draft Guidelines on Data Subject Access Rights

January 30, 2022 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data Protection Regulation (“GDPR”). In the draft guidance, the EDPB explains the aim and components of the right. This analysis is followed […]

EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR

January 10, 2022 By Paul Greaves and Wim Nauwelaerts

On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]