Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already). WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do […]
European Parliament Adopts “NIS2” Cybersecurity Directive
On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]
Heavier Breach Notification Obligations for U.S. Companies Subject to the EU GDPR According to Proposed Regulatory Guidance from the EDPB
On October 18, 2022, the European Data Protection Board (“EDPB”) published a proposed updated version of its regulatory guidance on personal data breaches under the EU GDPR (the “Proposed Updated Guidance”). The Proposed Updated Guidance seeks to place heavier personal data breach notification obligations on controllers established in the U.S. (and other non-EU countries) but […]
UK Information Commissioner’s Office Issues Warning on Ransomware Payments
On July 8, 2022, the UK Information Commissioner’s Office (UK ICO) together with the UK National Cyber Security Centre (NCSC), published a joint letter asking the Law Society of England & Wales to remind its members that they should not advise clients to pay ransomware demands should they fall victim to a cyber-attack. The Law […]
EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]