Data Protection

Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents

November 22, 2021 By Kate Hanniford and Kristen Bartolotta

On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system. The rule applies to […]

EDPB issues draft guidelines on the interplay between the GDPR’s provisions on territorial scope and international data transfers

November 22, 2021 By Yung Shin Van Der Sype and Wim Nauwelaerts

On November 18, the European Data Protection Board (“EDPB”) released draft guidelines on the interplay between Article 3 GDPR – which sets out the GDPR’s territorial scope – and the provisions in Chapter V of the GDPR, which impose restrictions on international data transfers. In this draft guidance, the EDPB clarifies which (cumulative) criteria must […]

Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed

November 2, 2021 By Yung Shin Van Der Sype, Paul Greaves and Wim Nauwelaerts

The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]

China’s First Comprehensive Personal Information Protection Law – Key Takeaways

October 5, 2021 By Privacy, Cyber & Data Strategy Team

On August 20, 2021, China’s first comprehensive Personal Information Protection Law (“PIPL”) was passed into law. The Cybersecurity Law, the Data Security Law, and the PIPL of China are the three pillars of China’s data protection framework, which govern cybersecurity, data security, and personal information protection respectively. The Cybersecurity Law largely governs cybersecurity requirements for […]

September 27 Deadline Looming for EU Standard Contractual Clauses

September 15, 2021 By Wim Nauwelaerts

On June 4th, the European Commission issued modernized Standard Contractual Clauses (SCCs) under the EU General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the EU GDPR) to controllers or processors outside the EU/EEA (and not subject to the EU GDPR). The modernized SCCs will […]