Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]
Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]
EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR
On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]
European Commission Adopts Draft UK Adequacy Decision
On February 19, 2021, the European Commission adopted a draft ‘adequacy decision’ in favor of the UK. The adoption of the draft adequacy decision marks the first step in ensuring the continued free flow of personal data from EEA countries to the UK under the EU GDPR. Once (and if) the final adequacy decision is […]
The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways
When a controller engages a processor, the GDPR requires that the parties enter into a specific contract that contains certain mandatory provisions. This contract is often referred to as a ‘data processing agreement’ or ‘DPA’. To facilitate compliance with this requirement, the GDPR has provided the European Commission with the power to issue standard contractual […]