On January 28, 2022, the European Data Protection Board (“EDPB”) published draft regulatory guidelines (“draft guidance”) on the right of data subjects to have access to their personal data under the EU General Data Protection Regulation (“GDPR”). In the draft guidance, the EDPB explains the aim and components of the right. This analysis is followed […]
Major Overhaul of EU Clinical Trial Rules Kicks In on 31 January 2022
On 31 January 2022, the EU Clinical Trial Regulation (CTR) will come into application, almost 8 years after its adoption by the European Parliament and the Council of the EU. The CTR will radically change the regulatory framework for conducting clinical trials in the EU Member States as well as European Economic Area (EEA) countries […]
EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]
EDPB issues draft guidelines on the interplay between the GDPR’s provisions on territorial scope and international data transfers
On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on international data transfers. In this draft guidance, the EDPB clarifies which (cumulative) criteria must […]
Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]