Data Protection

EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR

July 21, 2021 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]

Colorado Becomes the Third State to Adopt a General Privacy Law

July 8, 2021 By Dorian Simmons

On July 7, Colorado became the third state behind California and Virginia to adopt a comprehensive privacy law when Governor Jared Polis signed the Colorado Privacy Act into law. The CPA contains many similarities to the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act, as amended by the California Privacy Rights […]

Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA

June 16, 2021 By Yung Shin Van Der Sype

Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements? Do the Article 28 clauses ensure compliance with […]