On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on international data transfers. In this draft guidance, the EDPB clarifies which (cumulative) criteria must […]
About Yung Shin Van Der Sype
Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed
The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]
EDPB reports on EU Data Protection Authorities’ resources and enforcement actions
Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]
EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR
On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]
Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements? Do the Article 28 clauses ensure compliance with […]